Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.59633
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2007:1084
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory RHSA-2007:1084.

SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A cross-site scripting flaw was found in the way SeaMonkey handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
SeaMonkey. (CVE-2007-5947)

Several flaws were found in the way SeaMonkey processed certain malformed
web content. A webpage containing malicious content could cause SeaMonkey
to crash, or potentially execute arbitrary code as the user running
SeaMonkey. (CVE-2007-5959)

A race condition existed when Seamonkey set the window.location property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)

Users of SeaMonkey are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-1084.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-5947
BugTraq ID: 26385
http://www.securityfocus.com/bid/26385
Bugtraq: 20080212 FLEA-2008-0001-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Bugtraq: 20080229 rPSA-2008-0093-1 thunderbird (Google Search)
http://www.securityfocus.com/archive/1/488971/100/0/threaded
CERT/CC vulnerability note: VU#715737
http://www.kb.cert.org/vuls/id/715737
Debian Security Information: DSA-1424 (Google Search)
http://www.debian.org/security/2007/dsa-1424
Debian Security Information: DSA-1425 (Google Search)
http://www.debian.org/security/2007/dsa-1425
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
http://security.gentoo.org/glsa/glsa-200712-21.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9873
http://www.redhat.com/support/errata/RHSA-2007-1082.html
http://www.redhat.com/support/errata/RHSA-2007-1083.html
http://www.redhat.com/support/errata/RHSA-2007-1084.html
http://www.securitytracker.com/id?1018928
http://secunia.com/advisories/27605
http://secunia.com/advisories/27793
http://secunia.com/advisories/27796
http://secunia.com/advisories/27797
http://secunia.com/advisories/27800
http://secunia.com/advisories/27816
http://secunia.com/advisories/27838
http://secunia.com/advisories/27845
http://secunia.com/advisories/27855
http://secunia.com/advisories/27944
http://secunia.com/advisories/27955
http://secunia.com/advisories/27957
http://secunia.com/advisories/27979
http://secunia.com/advisories/28001
http://secunia.com/advisories/28016
http://secunia.com/advisories/28171
http://secunia.com/advisories/28277
http://secunia.com/advisories/28398
http://secunia.com/advisories/29164
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
SuSE Security Announcement: SUSE-SA:2007:066 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
https://usn.ubuntu.com/546-1/
http://www.ubuntu.com/usn/usn-546-2
http://www.vupen.com/english/advisories/2007/3818
http://www.vupen.com/english/advisories/2007/4002
http://www.vupen.com/english/advisories/2007/4018
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2008/0643
XForce ISS Database: firefox-jar-uri-xss(38356)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38356
Common Vulnerability Exposure (CVE) ID: CVE-2007-5959
BugTraq ID: 26593
http://www.securityfocus.com/bid/26593
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11014
http://securitytracker.com/id?1018994
http://secunia.com/advisories/27725
XForce ISS Database: mozilla-multiple-memcorrupt-code-execution(38643)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38643
Common Vulnerability Exposure (CVE) ID: CVE-2007-5960
BugTraq ID: 26589
http://www.securityfocus.com/bid/26589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
http://securitytracker.com/id?1018995
XForce ISS Database: mozilla-http-referer-spoofing(38644)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.