Test ID:	1.3.6.1.4.1.25623.1.0.58080
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0077
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0077. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the location.hostname value during certain browser domain checks. This flaw could allow a malicious web site to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.8 that corrects these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0077.html http://www.redhat.com/security/updates/classification/#critical Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6077 BugTraq ID: 21240 http://www.securityfocus.com/bid/21240 BugTraq ID: 22694 http://www.securityfocus.com/bid/22694 Bugtraq: 20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search) http://www.securityfocus.com/archive/1/452382/100/0/threaded Bugtraq: 20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search) http://www.securityfocus.com/archive/1/452431/100/0/threaded Bugtraq: 20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search) http://www.securityfocus.com/archive/1/452440/100/0/threaded Bugtraq: 20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search) http://www.securityfocus.com/archive/1/452463/100/0/threaded Bugtraq: 20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search) http://www.securityfocus.com/archive/1/454982/100/0/threaded Bugtraq: 20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search) http://www.securityfocus.com/archive/1/455073/100/0/threaded Bugtraq: 20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search) http://www.securityfocus.com/archive/1/455148/100/0/threaded Bugtraq: 20070226 rPSA-2007-0040-1 firefox (Google Search) http://www.securityfocus.com/archive/1/461336/100/0/threaded Bugtraq: 20070303 rPSA-2007-0040-3 firefox thunderbird (Google Search) http://www.securityfocus.com/archive/1/461809/100/0/threaded Debian Security Information: DSA-1336 (Google Search) http://www.debian.org/security/2007/dsa-1336 http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://security.gentoo.org/glsa/glsa-200703-04.xml http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: SSRT061181 http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 http://www.info-svc.com/news/11-21-2006/ http://www.info-svc.com/news/11-21-2006/rcsr1/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031 RedHat Security Advisories: RHSA-2007:0077 http://rhn.redhat.com/errata/RHSA-2007-0077.html http://www.redhat.com/support/errata/RHSA-2007-0078.html http://www.redhat.com/support/errata/RHSA-2007-0079.html http://www.redhat.com/support/errata/RHSA-2007-0097.html http://www.redhat.com/support/errata/RHSA-2007-0108.html http://securitytracker.com/id?1017271 http://secunia.com/advisories/23046 http://secunia.com/advisories/23108 http://secunia.com/advisories/24205 http://secunia.com/advisories/24238 http://secunia.com/advisories/24287 http://secunia.com/advisories/24290 http://secunia.com/advisories/24293 http://secunia.com/advisories/24320 http://secunia.com/advisories/24328 http://secunia.com/advisories/24333 http://secunia.com/advisories/24342 http://secunia.com/advisories/24343 http://secunia.com/advisories/24384 http://secunia.com/advisories/24393 http://secunia.com/advisories/24395 http://secunia.com/advisories/24437 http://secunia.com/advisories/24457 http://secunia.com/advisories/24650 http://secunia.com/advisories/25588 SGI Security Advisory: 20070202-01-P ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc SGI Security Advisory: 20070301-01-P ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 SuSE Security Announcement: SUSE-SA:2007:019 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html SuSE Security Announcement: SUSE-SA:2007:022 (Google Search) http://www.novell.com/linux/security/advisories/2007_22_mozilla.html http://www.ubuntu.com/usn/usn-428-1 http://www.vupen.com/english/advisories/2006/4662 http://www.vupen.com/english/advisories/2007/0718 XForce ISS Database: firefox-passwordmgr-information-disclosure(30470) https://exchange.xforce.ibmcloud.com/vulnerabilities/30470 Common Vulnerability Exposure (CVE) ID: CVE-2007-0008 1017696 http://www.securitytracker.com/id?1017696 102856 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1 102945 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1 20070202-01-P 20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482 20070226 rPSA-2007-0040-1 firefox 20070301-01-P 20070303 rPSA-2007-0040-3 firefox thunderbird 22694 24205 24238 24252 http://secunia.com/advisories/24252 24253 http://secunia.com/advisories/24253 24277 http://secunia.com/advisories/24277 24287 24290 24293 24320 24328 24333 24342 24343 24384 24389 http://secunia.com/advisories/24389 24395 24406 http://secunia.com/advisories/24406 24410 http://secunia.com/advisories/24410 24455 http://secunia.com/advisories/24455 24456 http://secunia.com/advisories/24456 24457 24522 http://secunia.com/advisories/24522 24562 http://secunia.com/advisories/24562 24650 24703 http://secunia.com/advisories/24703 25588 25597 http://secunia.com/advisories/25597 32105 http://www.osvdb.org/32105 64758 http://www.securityfocus.com/bid/64758 ADV-2007-0718 ADV-2007-0719 http://www.vupen.com/english/advisories/2007/0719 ADV-2007-1165 http://www.vupen.com/english/advisories/2007/1165 ADV-2007-2141 http://www.vupen.com/english/advisories/2007/2141 DSA-1336 FEDORA-2007-278 http://fedoranews.org/cms/node/2709 FEDORA-2007-279 http://fedoranews.org/cms/node/2711 FEDORA-2007-281 FEDORA-2007-293 FEDORA-2007-308 http://fedoranews.org/cms/node/2747 FEDORA-2007-309 http://fedoranews.org/cms/node/2749 GLSA-200703-18 http://security.gentoo.org/glsa/glsa-200703-18.xml GLSA-200703-22 http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml HPSBUX02153 MDKSA-2007:050 MDKSA-2007:052 http://www.mandriva.com/security/advisories?name=MDKSA-2007:052 RHSA-2007:0077 RHSA-2007:0078 RHSA-2007:0079 RHSA-2007:0097 RHSA-2007:0108 SSA:2007-066-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 SSA:2007-066-04 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 SSA:2007-066-05 SSRT061181 SUSE-SA:2007:019 SUSE-SA:2007:022 USN-428-1 USN-431-1 http://www.ubuntu.com/usn/usn-431-1 VU#377812 http://www.kb.cert.org/vuls/id/377812 http://www.mozilla.org/security/announce/2007/mfsa2007-06.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html https://bugzilla.mozilla.org/show_bug.cgi?id=364319 https://issues.rpath.com/browse/RPL-1081 https://issues.rpath.com/browse/RPL-1103 nss-mastersecret-bo(32666) https://exchange.xforce.ibmcloud.com/vulnerabilities/32666 oval:org.mitre.oval:def:10502 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502 Common Vulnerability Exposure (CVE) ID: CVE-2007-0009 20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 32106 http://www.osvdb.org/32106 VU#592796 http://www.kb.cert.org/vuls/id/592796 https://bugzilla.mozilla.org/show_bug.cgi?id=364323 nss-clientmasterkey-bo(32663) https://exchange.xforce.ibmcloud.com/vulnerabilities/32663 oval:org.mitre.oval:def:10174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174 Common Vulnerability Exposure (CVE) ID: CVE-2007-0775 1017698 http://www.securitytracker.com/id?1017698 24393 24437 32114 http://www.osvdb.org/32114 ADV-2008-0083 http://www.vupen.com/english/advisories/2008/0083 GLSA-200703-04 GLSA-200703-08 VU#761756 http://www.kb.cert.org/vuls/id/761756 http://www.mozilla.org/security/announce/2007/mfsa2007-01.html mozilla-multiple-layout-code-execution(32704) https://exchange.xforce.ibmcloud.com/vulnerabilities/32704 oval:org.mitre.oval:def:10012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10012 Common Vulnerability Exposure (CVE) ID: CVE-2007-0777 32115 http://www.osvdb.org/32115 VU#269484 http://www.kb.cert.org/vuls/id/269484 mozilla-multiple-javascript-code-execution(32699) https://exchange.xforce.ibmcloud.com/vulnerabilities/32699 oval:org.mitre.oval:def:11331 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11331 Common Vulnerability Exposure (CVE) ID: CVE-2007-0778 1017699 http://securitytracker.com/id?1017699 32110 http://www.osvdb.org/32110 http://www.mozilla.org/security/announce/2007/mfsa2007-03.html https://bugzilla.mozilla.org/show_bug.cgi?id=347852 mozilla-diskcache-information-disclosure(32671) https://exchange.xforce.ibmcloud.com/vulnerabilities/32671 oval:org.mitre.oval:def:9151 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151 Common Vulnerability Exposure (CVE) ID: CVE-2007-0779 1017700 http://www.securitytracker.com/id?1017700 32109 http://osvdb.org/32109 http://www.mozilla.org/security/announce/2007/mfsa2007-04.html https://bugzilla.mozilla.org/show_bug.cgi?id=361298 oval:org.mitre.oval:def:8757 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8757 Common Vulnerability Exposure (CVE) ID: CVE-2007-0780 1017702 http://www.securitytracker.com/id?1017702 32107 http://www.osvdb.org/32107 http://www.mozilla.org/security/announce/2007/mfsa2007-05.html https://bugzilla.mozilla.org/show_bug.cgi?id=354973 mozilla-dataurl-xss(32667) https://exchange.xforce.ibmcloud.com/vulnerabilities/32667 oval:org.mitre.oval:def:9884 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884 Common Vulnerability Exposure (CVE) ID: CVE-2007-0800 BugTraq ID: 22396 http://www.securityfocus.com/bid/22396 Bugtraq: 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search) http://www.securityfocus.com/archive/1/459162/100/0/threaded Bugtraq: 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search) http://www.securityfocus.com/archive/1/459163/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html http://www.osvdb.org/32108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654 XForce ISS Database: firefox-popup-security-bypass(32194) https://exchange.xforce.ibmcloud.com/vulnerabilities/32194 Common Vulnerability Exposure (CVE) ID: CVE-2007-0981 BugTraq ID: 22566 http://www.securityfocus.com/bid/22566 Bugtraq: 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search) http://www.securityfocus.com/archive/1/460126/100/200/threaded Bugtraq: 20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search) http://www.securityfocus.com/archive/1/460217/100/0/threaded CERT/CC vulnerability note: VU#885753 http://www.kb.cert.org/vuls/id/885753 http://lcamtuf.dione.cc/ffhostname.html http://www.osvdb.org/32104 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730 http://securitytracker.com/id?1017654 http://secunia.com/advisories/24175 http://securityreason.com/securityalert/2262 http://www.vupen.com/english/advisories/2007/0624 XForce ISS Database: firefox-locationhostname-security-bypass(32533) https://exchange.xforce.ibmcloud.com/vulnerabilities/32533 Common Vulnerability Exposure (CVE) ID: CVE-2007-0995 32111 http://www.osvdb.org/32111 32112 http://osvdb.org/32112 http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2 http://www.mozilla.org/security/announce/2007/mfsa2007-02.html oval:org.mitre.oval:def:10164 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164 Common Vulnerability Exposure (CVE) ID: CVE-2007-0996 20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability http://www.securityfocus.com/archive/1/461076/100/0/threaded 33812 http://osvdb.org/33812 http://www.hardened-php.net/advisory_032007.142.html oval:org.mitre.oval:def:10086 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.