openSUSE 10 Security Update : seamonkey (seamonkey-2691)
High Nessus Plugin ID 27439
Synopsis
The remote openSUSE host is missing a security update.
Description
This security update brings Mozilla SeaMonkey to version 1.1.1.
See http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details.
It includes fixes for the following security problems:
- MFSA 2007-02: Various enhancements were done to make XSS exploits against websites less effective. These included fixes for invalid trailing characters (CVE-2007-0995), child frame character set inheritance (CVE-2007-0996), password form injection (CVE-2006-6077), and the Adobe Reader universal XSS problem.
- MFSA 2007-03/CVE-2007-0778: AAd reported a potential disk cache collision that could be exploited by remote attackers to steal confidential data or execute code.
- MFSA 2007-04/CVE-2007-0779: David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using a large, mostly transparent, custom cursor and adjusting the CSS3 hotspot property so that the visible part of the cursor floated outside the browser content area.
- MFSA 2007-05: Manually opening blocked popups could be exploited by remote attackers to allow XSS attacks (CVE-2007-0780) or to execute code in local files (CVE-2007-0800).
- MFSA 2007-06: Two buffer overflows were found in the NSS handling of Mozilla.
CVE-2007-0008: SSL clients such as Firefox and Thunderbird can suffer a buffer overflow if a malicious server presents a certificate with a public key that is too small to encrypt the entire 'Master Secret'.
Exploiting this overflow appears to be unreliable but possible if the SSLv2 protocol is enabled.
CVE-2007-0009: Servers that use NSS for the SSLv2 protocol can be exploited by a client that presents a 'Client Master Key' with invalid length values in any of several fields that are used without adequate error checking. This can lead to a buffer overflow that presumably could be exploitable.
- MFSA 2007-06/CVE-2007-0981: Michal Zalewski demonstrated that setting location.hostname to a value with embedded null characters can confuse the browser's domain checks.
Setting the value triggers a load, but the networking software reads the hostname only up to the null character while other checks for 'parent domain' start at the right and so can have a completely different idea of what the current host is.
Solution
Update the affected seamonkey packages.