Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

A flaw was found in the way SeaMonkey handled dialog boxes. An
attacker could use this flaw to create a malicious web page that would
present a blank dialog box that has non-functioning buttons. If a user
closes the dialog box window, it could unexpectedly grant the
malicious web page elevated privileges. (CVE-2011-0051)

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause SeaMonkey to crash
or, potentially, execute arbitrary code with the privileges of the
user running SeaMonkey. (CVE-2011-0053)

A flaw was found in the way SeaMonkey handled plug-ins that perform
HTTP requests. If a plug-in performed an HTTP request, and the server
sent a 307 redirect response, the plug-in was not notified, and the
HTTP request was forwarded. The forwarded request could contain custom
headers, which could result in a Cross Site Request Forgery attack.

After installing the update, SeaMonkey must be restarted for the
changes to take effect.

See also :

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60974 ()

Bugtraq ID:

CVE ID: CVE-2011-0051

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now