ID de Prueba:	1.3.6.1.4.1.25623.1.0.63710
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0398
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:0398.;;SeaMonkey is an open source Web browser, email and newsgroup client, IRC;chat client, and HTML editor.;;A memory corruption flaw was discovered in the way SeaMonkey handles XML;files containing an XSLT transform. A remote attacker could use this flaw;to crash SeaMonkey or, potentially, execute arbitrary code as the user;running SeaMonkey. (CVE-2009-1169);;A flaw was discovered in the way SeaMonkey handles certain XUL garbage;collection events. A remote attacker could use this flaw to crash SeaMonkey;or, potentially, execute arbitrary code as the user running SeaMonkey.;(CVE-2009-1044);;All SeaMonkey users should upgrade to these updated packages, which correct;these issues. After installing the update, SeaMonkey must be restarted for;the changes to take effect.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0398. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1044 BugTraq ID: 34181 http://www.securityfocus.com/bid/34181 Bugtraq: 20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/502303/100/0/threaded Debian Security Information: DSA-1756 (Google Search) http://www.debian.org/security/2009/dsa-1756 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:084 http://blogs.zdnet.com/security/?p=2934 http://blogs.zdnet.com/security/?p=2941 http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://news.cnet.com/8301-1009_3-10199652-83.html http://twitter.com/tippingpoint1/status/1351635812 http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 http://www.zerodayinitiative.com/advisories/ZDI-09-015 http://osvdb.org/52896 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368 http://www.redhat.com/support/errata/RHSA-2009-0397.html http://www.redhat.com/support/errata/RHSA-2009-0398.html http://www.securitytracker.com/id?1021878 http://secunia.com/advisories/34471 http://secunia.com/advisories/34505 http://secunia.com/advisories/34510 http://secunia.com/advisories/34511 http://secunia.com/advisories/34521 http://secunia.com/advisories/34527 http://secunia.com/advisories/34549 http://secunia.com/advisories/34550 http://secunia.com/advisories/34792 SuSE Security Announcement: SUSE-SA:2009:022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html http://www.ubuntu.com/usn/usn-745-1 http://www.vupen.com/english/advisories/2009/0864 Common Vulnerability Exposure (CVE) ID: CVE-2009-1169 1021939 http://www.securitytracker.com/id?1021939 34235 http://www.securityfocus.com/bid/34235 34471 34486 http://secunia.com/advisories/34486 34505 34510 34511 34521 34527 34549 34550 34792 8285 https://www.exploit-db.com/exploits/8285 ADV-2009-0853 http://www.vupen.com/english/advisories/2009/0853 DSA-1756 FEDORA-2009-3099 FEDORA-2009-3100 FEDORA-2009-3101 MDVSA-2009:084 RHSA-2009:0397 RHSA-2009:0398 SUSE-SA:2009:022 SUSE-SA:2009:023 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html USN-745-1 http://blogs.zdnet.com/security/?p=3013 http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm http://www.mozilla.org/security/announce/2009/mfsa2009-12.html https://bugzilla.mozilla.org/show_bug.cgi?id=460090 https://bugzilla.mozilla.org/show_bug.cgi?id=485217 https://bugzilla.mozilla.org/show_bug.cgi?id=485286 mozilla-xslt-code-execution(49439) https://exchange.xforce.ibmcloud.com/vulnerabilities/49439 oval:org.mitre.oval:def:11372 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.