
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0402

The remote host is missing updates announced in
advisory RHSA-2007:0402.

SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause SeaMonkey to crash or potentially execute arbitrary code as
the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A
malicious FTP server could use this flaw to perform a rudimentary port-scan
of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way SeaMonkey handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent SeaMonkey from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way SeaMonkey processed certain APOP authentication
requests. By sending certain responses when SeaMonkey attempted to
authenticate against an APOP server, a remote attacker could potentially
acquire certain portions of a user's authentication credentials.

A flaw was found in the way SeaMonkey handled the addEventListener
JavaScript method. A malicious web site could use this method to access or
modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way SeaMonkey displayed certain web content. A
malicious web page could generate content that would overlay user
interface elements such as the hostname and security indicators, tricking
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain SeaMonkey version 1.0.9 that corrects these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1362
BugTraq ID: 22879
BugTraq ID: 24242
Bugtraq: 20070531 FLEA-2007-0023-1: firefox
Cert/CC Advisory: TA07-151A
Debian Security Information: DSA-1300
Debian Security Information: DSA-1306
Debian Security Information: DSA-1308
HPdes Security Advisory: HPSBUX02153
HPdes Security Advisory: SSRT061181
SuSE Security Announcement: SUSE-SA:2007:036
XForce ISS Database: mozilla-doccookie-dos(34613)
Common Vulnerability Exposure (CVE) ID: CVE-2007-1562
BugTraq ID: 23082
Bugtraq: 20070322 FLEA-2007-0001-1: firefox
XForce ISS Database: firefox-nsftpstate-information-disclosure(33119)
Common Vulnerability Exposure (CVE) ID: CVE-2007-1558
BugTraq ID: 23257
Bugtraq: 20070402 APOP vulnerability
Bugtraq: 20070403 Re: APOP vulnerability
Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server
Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server
Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird
Debian Security Information: DSA-1305
HPdes Security Advisory: HPSBUX02156
HPdes Security Advisory: SSRT061236
SGI Security Advisory: 20070602-01-P
SuSE Security Announcement: SUSE-SR:2007:014
Common Vulnerability Exposure (CVE) ID: CVE-2007-2867
CERT/CC vulnerability note: VU#751636
XForce ISS Database: mozilla-layoutengine-dos(34604)
Common Vulnerability Exposure (CVE) ID: CVE-2007-2868
CERT/CC vulnerability note: VU#609956
XForce ISS Database: mozilla-javascripteng-code-execution(34605)
Common Vulnerability Exposure (CVE) ID: CVE-2007-2869
XForce ISS Database: firefox-autocomplete-dos(34612)
Common Vulnerability Exposure (CVE) ID: CVE-2007-2870
XForce ISS Database: mozilla-addeventlistener-xss(34614)
Common Vulnerability Exposure (CVE) ID: CVE-2007-2871
XForce ISS Database: mozilla-xulpopups-spoofing(34606)

Copyright: Copyright (c) 2007 E-Soft Inc.


© 1998-2021 E-Soft Inc. All rights reserved.