CentOS Local Security Checks : CentOS Update for seamonkey CESA-2011:0313 centos4 i386

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.880478

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for seamonkey CESA-2011:0313 centos4 i386

Zusammenfassung: The remote host is missing an update for the 'seamonkey'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'seamonkey'
package(s) announced via the referenced advisory.

Vulnerability Insight:
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled dialog boxes. An attacker
could use this flaw to create a malicious web page that would present a
blank dialog box that has non-functioning buttons. If a user closes the
dialog box window, it could unexpectedly grant the malicious web page
elevated privileges. (CVE-2011-0051)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2011-0053)

A flaw was found in the way SeaMonkey handled plug-ins that perform HTTP
requests. If a plug-in performed an HTTP request, and the server sent a 307
redirect response, the plug-in was not notified, and the HTTP request was
forwarded. The forwarded request could contain custom headers, which could
result in a Cross Site Request Forgery attack. (CVE-2011-0059)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

Affected Software/OS:
seamonkey on CentOS 4

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-0051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211
http://www.redhat.com/support/errata/RHSA-2011-0312.html
http://www.redhat.com/support/errata/RHSA-2011-0313.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0053
BugTraq ID: 46645
http://www.securityfocus.com/bid/46645
http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14379
Common Vulnerability Exposure (CVE) ID: CVE-2011-0059
BugTraq ID: 46652
http://www.securityfocus.com/bid/46652
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.880478
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for seamonkey CESA-2011:0313 centos4 i386
Zusammenfassung:	The remote host is missing an update for the 'seamonkey'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'seamonkey' package(s) announced via the referenced advisory. Vulnerability Insight: SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog box window, it could unexpectedly grant the malicious web page elevated privileges. (CVE-2011-0051) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0053) A flaw was found in the way SeaMonkey handled plug-ins that perform HTTP requests. If a plug-in performed an HTTP request, and the server sent a 307 redirect response, the plug-in was not notified, and the HTTP request was forwarded. The forwarded request could contain custom headers, which could result in a Cross Site Request Forgery attack. (CVE-2011-0059) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. Affected Software/OS: seamonkey on CentOS 4 Solution: Please install the updated packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211 http://www.redhat.com/support/errata/RHSA-2011-0312.html http://www.redhat.com/support/errata/RHSA-2011-0313.html Common Vulnerability Exposure (CVE) ID: CVE-2011-0053 BugTraq ID: 46645 http://www.securityfocus.com/bid/46645 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14379 Common Vulnerability Exposure (CVE) ID: CVE-2011-0059 BugTraq ID: 46652 http://www.securityfocus.com/bid/46652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473
Copyright	Copyright (C) 2011 Greenbone AG