openSUSE Security Update : seamonkey (openSUSE-SU-2014:1656-1)
Medium Nessus Plugin ID 80094
SynopsisThe remote openSUSE host is missing a security update.
Descriptionseamonkey was updated to version 2.31 to fix eight security issues.
These security issues were fixed :
- Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588).
- XBL bindings accessible via improper CSS declarations (CVE-2014-1589).
- XMLHttpRequest crashes with some input streams (CVE-2014-1590).
- CSP leaks redirect data via violation reports (CVE-2014-1591).
- Use-after-free during HTML5 parsing (CVE-2014-1592).
- Buffer overflow while parsing media content (CVE-2014-1593).
- Bad casting from the BasicThebesLayer to BasicContainerLayer (CVE-2014-1594).
This non-security issue was fixed :
- define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639).
SolutionUpdate the affected seamonkey packages.