openSUSE Security Update : seamonkey (openSUSE-SU-2014:1655-1)

High Nessus Plugin ID 80093


VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

seamonkey was updated to version 2.31 to fix 20 security issues.

These security issues were fixed:

- Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588).

- XBL bindings accessible via improper CSS declarations (CVE-2014-1589).

- XMLHttpRequest crashes with some input streams (CVE-2014-1590).

- CSP leaks redirect data via violation reports (CVE-2014-1591).

- Use-after-free during HTML5 parsing (CVE-2014-1592).

- Buffer overflow while parsing media content (CVE-2014-1593).

- Bad casting from the BasicThebesLayer to BasicContainerLayer (CVE-2014-1594).

- Miscellaneous memory safety hazards (CVE-2014-1574, CVE-2014-1575).

- Buffer overflow during CSS manipulation (CVE-2014-1576).

- Web Audio memory corruption issues with custom waveforms (CVE-2014-1577).

- Out-of-bounds write with WebM video (CVE-2014-1578).

- Further uninitialized memory use during GIF rendering (CVE-2014-1580).

- Use-after-free interacting with text directionality (CVE-2014-1581).

- Key pinning bypasses (CVE-2014-1582, CVE-2014-1584).

- Inconsistent video sharing within iframe (CVE-2014-1585, CVE-2014-1586).

- Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) (CVE-2014-1583).

This non-security issue was fixed:

- Define /usr/share/myspell as an additional dictionary location and finally remove add-plugins.sh (bnc#900639).

Solution

Update the affected seamonkey packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=894370

https://bugzilla.opensuse.org/show_bug.cgi?id=900639

https://bugzilla.opensuse.org/show_bug.cgi?id=900941

https://bugzilla.opensuse.org/show_bug.cgi?id=908009

https://lists.opensuse.org/opensuse-updates/2014-12/msg00068.html

Plugin Details

Severity: High

ID: 80093

File Name: openSUSE-2014-784.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2014/12/18

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/12/08

Reference Information

CVE: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1580, CVE-2014-1581, CVE-2014-1582, CVE-2014-1583, CVE-2014-1584, CVE-2014-1585, CVE-2014-1586, CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594