Detections
Analytics
RHEL 3 / 4 : seamonkey (RHSA-2009:1531)
critical Nessus Plugin ID 42288
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.This update has been rated as having critical security impact by the Red Hat Security Response Team.
SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.
A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274)
A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey.
(CVE-2009-1563)
A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375)
A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380)
All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/cve/cve-2009-1563
https://access.redhat.com/security/cve/cve-2009-3274
https://access.redhat.com/security/cve/cve-2009-3375
https://access.redhat.com/security/cve/cve-2009-3376
https://access.redhat.com/security/cve/cve-2009-3380
https://access.redhat.com/security/cve/cve-2009-3384
Plugin Details
Severity: Critical
ID: 42288
File Name: redhat-RHSA-2009-1531.nasl
Version: 1.25
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 10/28/2009
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger, p-cpe:/a:redhat:enterprise_linux:seamonkey, p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr, p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector, p-cpe:/a:redhat:enterprise_linux:seamonkey-devel, p-cpe:/a:redhat:enterprise_linux:seamonkey-mail, p-cpe:/a:redhat:enterprise_linux:seamonkey-chat, cpe:/o:redhat:enterprise_linux:3, cpe:/o:redhat:enterprise_linux:4, p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel, p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel, cpe:/o:redhat:enterprise_linux:4.8, p-cpe:/a:redhat:enterprise_linux:seamonkey-nss
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 10/27/2009
Vulnerability Publication Date: 9/21/2009
Reference Information
CVE: CVE-2009-0689, CVE-2009-3274, CVE-2009-3372, CVE-2009-3373, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3384, CVE-2009-3385