Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:0313

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69055

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:0313

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:0313.

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled dialog boxes. An attacker
could use this flaw to create a malicious web page that would present a
blank dialog box that has non-functioning buttons. If a user closes the
dialog box window, it could unexpectedly grant the malicious web page
elevated privileges. (CVE-2011-0051)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2011-0053)

A flaw was found in the way SeaMonkey handled plug-ins that perform HTTP
requests. If a plug-in performed an HTTP request, and the server sent a 307
redirect response, the plug-in was not notified, and the HTTP request was
forwarded. The forwarded request could contain custom headers, which could
result in a Cross Site Request Forgery attack. (CVE-2011-0059)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0313.html

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211
http://www.redhat.com/support/errata/RHSA-2011-0312.html
http://www.redhat.com/support/errata/RHSA-2011-0313.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0053
BugTraq ID: 46645
http://www.securityfocus.com/bid/46645
http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14379
Common Vulnerability Exposure (CVE) ID: CVE-2011-0059
BugTraq ID: 46652
http://www.securityfocus.com/bid/46652
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69055
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0313
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0313. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog box window, it could unexpectedly grant the malicious web page elevated privileges. (CVE-2011-0051) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0053) A flaw was found in the way SeaMonkey handled plug-ins that perform HTTP requests. If a plug-in performed an HTTP request, and the server sent a 307 redirect response, the plug-in was not notified, and the HTTP request was forwarded. The forwarded request could contain custom headers, which could result in a Cross Site Request Forgery attack. (CVE-2011-0059) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0313.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211 http://www.redhat.com/support/errata/RHSA-2011-0312.html http://www.redhat.com/support/errata/RHSA-2011-0313.html Common Vulnerability Exposure (CVE) ID: CVE-2011-0053 BugTraq ID: 46645 http://www.securityfocus.com/bid/46645 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14379 Common Vulnerability Exposure (CVE) ID: CVE-2011-0059 BugTraq ID: 46652 http://www.securityfocus.com/bid/46652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com