Fedora 9 : seamonkey-1.1.12-1.fc9 (2008-8429)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Updated seamonkey packages that fix several security issues are now
available for Fedora 8 and Fedora 9. This update has been rated as
having critical security impact by the Red Hat Security Response Team.
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor. Several flaws were found in
the processing of malformed web content. A web page containing
malicious content could cause SeaMonkey to crash or, potentially,
execute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,
CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,
CVE-2008-4062) Several flaws were found in the way malformed web
content was displayed. A web page containing specially crafted content
could potentially trick a SeaMonkey user into surrendering sensitive
information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,
CVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse
click events. A web page containing specially crafted JavaScript code
could move the content window while a mouse-button was pressed,
causing any item under the pointer to be dragged. This could,
potentially, cause the user to perform an unsafe drag-and-drop action.
(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain
characters to be stripped from JavaScript code. This flaw could allow
malicious JavaScript to bypass or evade script filters.
(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to
these updated packages, which contain patches to resolve these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?6cec37da

Solution :

Update the affected seamonkey package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now