This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A flaw was found in the way SeaMonkey handled dialog boxes. An
attacker could use this flaw to create a malicious web page that would
present a blank dialog box that has non-functioning buttons. If a user
closes the dialog box window, it could unexpectedly grant the
malicious web page elevated privileges. (CVE-2011-0051)
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause SeaMonkey to crash
or, potentially, execute arbitrary code with the privileges of the
user running SeaMonkey. (CVE-2011-0053)
A flaw was found in the way SeaMonkey handled plug-ins that perform
HTTP requests. If a plug-in performed an HTTP request, and the server
sent a 307 redirect response, the plug-in was not notified, and the
HTTP request was forwarded. The forwarded request could contain custom
headers, which could result in a Cross Site Request Forgery attack.
After installing the update, SeaMonkey must be restarted for the
changes to take effect.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0