
Test ID: 1.3.6.1.4.1.25623.1.0.57554
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0734
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2006:0734.

SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause SeaMonkey to crash or
execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463,
CVE-2006-5747, CVE-2006-5748)

Several flaws were found in the way SeaMonkey renders web pages. A
malicious web page could cause the browser to crash or possibly execute
arbitrary code as the user running SeaMonkey. (CVE-2006-5464)

A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys
with exponent 3 it is possible for an attacker to forge a signature that
would be incorrectly verified by the NSS library. SeaMonkey as shipped
trusts several root Certificate Authorities that use exponent 3. An
attacker could have created a carefully crafted SSL certificate which would be
incorrectly trusted when their site was visited by a victim. This flaw was
previously thought to be fixed in SeaMonkey 1.0.5; however, Ulrich Kuehn
discovered the fix was incomplete. (CVE-2006-5462)

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain SeaMonkey version 1.0.6 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0734.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor: High

CVSS Score: 7.5

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-5462
Cert/CC Advisory: TA06-312A
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
CERT/CC vulnerability note: VU#335392
http://www.kb.cert.org/vuls/id/335392
Debian Security Information: DSA-1224
http://www.debian.org/security/2006/dsa-1224
Debian Security Information: DSA-1225
http://www.debian.org/security/2006/dsa-1225
Debian Security Information: DSA-1227
http://www.debian.org/security/2006/dsa-1227
http://security.gentoo.org/glsa/glsa-200612-06.xml
http://security.gentoo.org/glsa/glsa-200612-07.xml
http://security.gentoo.org/glsa/glsa-200612-08.xml
HP Security Advisory: HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
HP Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
RedHat Security Advisories: RHSA-2006:0733
http://rhn.redhat.com/errata/RHSA-2006-0733.html
RedHat Security Advisories: RHSA-2006:0734
http://rhn.redhat.com/errata/RHSA-2006-0734.html
RedHat Security Advisories: RHSA-2006:0735
http://rhn.redhat.com/errata/RHSA-2006-0735.html
http://securitytracker.com/id?1017180
http://securitytracker.com/id?1017181
http://securitytracker.com/id?1017182
http://secunia.com/advisories/22066
http://secunia.com/advisories/22722
http://secunia.com/advisories/22727
http://secunia.com/advisories/22737
http://secunia.com/advisories/22763
http://secunia.com/advisories/22770
http://secunia.com/advisories/22815
http://secunia.com/advisories/22817
http://secunia.com/advisories/22929
http://secunia.com/advisories/22965
http://secunia.com/advisories/22980
http://secunia.com/advisories/23009
http://secunia.com/advisories/23013
http://secunia.com/advisories/23197
http://secunia.com/advisories/23202
http://secunia.com/advisories/23235
http://secunia.com/advisories/23263
http://secunia.com/advisories/23287
http://secunia.com/advisories/23297
http://secunia.com/advisories/23883
http://secunia.com/advisories/24711
SGI Security Advisory: 20061101-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
SuSE Security Announcement: SUSE-SA:2006:068
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
http://www.ubuntu.com/usn/usn-381-1
http://www.ubuntu.com/usn/usn-382-1
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/4387
http://www.vupen.com/english/advisories/2007/0293
http://www.vupen.com/english/advisories/2007/1198
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: mozilla-nss-security-bypass(30098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
Common Vulnerability Exposure (CVE) ID: CVE-2006-5463
BugTraq ID: 20957
http://www.securityfocus.com/bid/20957
Bugtraq: 20061109 rPSA-2006-0206-1 firefox thunderbird
http://www.securityfocus.com/archive/1/451099/100/0/threaded
CERT/CC vulnerability note: VU#714496
http://www.kb.cert.org/vuls/id/714496
https://bugzilla.mozilla.org/show_bug.cgi?id=355655
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10357
http://securitytracker.com/id?1017184
http://securitytracker.com/id?1017185
http://securitytracker.com/id?1017186
http://secunia.com/advisories/22774
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103011-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200185-1
http://www.vupen.com/english/advisories/2007/2663
XForce ISS Database: mozilla-script-code-execution(30116)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30116
Common Vulnerability Exposure (CVE) ID: CVE-2006-5464
CERT/CC vulnerability note: VU#495288
http://www.kb.cert.org/vuls/id/495288
https://bugzilla.mozilla.org/show_bug.cgi?id=307809
https://bugzilla.mozilla.org/show_bug.cgi?id=310267
https://bugzilla.mozilla.org/show_bug.cgi?id=350370
https://bugzilla.mozilla.org/show_bug.cgi?id=351328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9304
http://securitytracker.com/id?1017177
http://securitytracker.com/id?1017178
http://securitytracker.com/id?1017179
http://secunia.com/advisories/27328
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103121-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200587-1
http://www.vupen.com/english/advisories/2007/3588
XForce ISS Database: mozilla-layout-dos(30092)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30092
Common Vulnerability Exposure (CVE) ID: CVE-2006-5747
CERT/CC vulnerability note: VU#815432
http://www.kb.cert.org/vuls/id/815432
https://bugzilla.mozilla.org/show_bug.cgi?id=355569
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496
XForce ISS Database: mozilla-xmlprototypehasownproperty-dos(30093)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30093
Common Vulnerability Exposure (CVE) ID: CVE-2006-5748
CERT/CC vulnerability note: VU#390480
http://www.kb.cert.org/vuls/id/390480
https://bugzilla.mozilla.org/show_bug.cgi?id=349527
https://bugzilla.mozilla.org/show_bug.cgi?id=350238
https://bugzilla.mozilla.org/show_bug.cgi?id=351116
https://bugzilla.mozilla.org/show_bug.cgi?id=351973
https://bugzilla.mozilla.org/show_bug.cgi?id=352271
https://bugzilla.mozilla.org/show_bug.cgi?id=352606
https://bugzilla.mozilla.org/show_bug.cgi?id=353165
https://bugzilla.mozilla.org/show_bug.cgi?id=354145
https://bugzilla.mozilla.org/show_bug.cgi?id=354151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11408
http://secunia.com/advisories/27603
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103139-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201335-1
http://www.vupen.com/english/advisories/2007/3821
XForce ISS Database: mozilla-javascript-engine-code-execution(30096)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30096
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
