Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58286
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0402
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0402.

SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause SeaMonkey to crash or potentially execute arbitrary code as
the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A
malicious FTP server could use this flaw to perform a rudimentary port-scan
of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way SeaMonkey handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent SeaMonkey from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way SeaMonkey processed certain APOP authentication
requests. By sending certain responses when SeaMonkey attempted to
authenticate against an APOP server, a remote attacker could potentially
acquire certain portions of a user's authentication credentials.
(CVE-2007-1558)

A flaw was found in the way SeaMonkey handled the addEventListener
JavaScript method. A malicious web site could use this method to access or
modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way SeaMonkey displayed certain web content. A
malicious web page could generate content that would overlay user
interface elements such as the hostname and security indicators, tricking
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain SeaMonkey version 1.0.9 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0402.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1362
BugTraq ID: 22879
http://www.securityfocus.com/bid/22879
BugTraq ID: 24242
http://www.securityfocus.com/bid/24242
Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search)
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Cert/CC Advisory: TA07-151A
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
Debian Security Information: DSA-1300 (Google Search)
http://www.debian.org/security/2007/dsa-1300
Debian Security Information: DSA-1306 (Google Search)
http://www.debian.org/security/2007/dsa-1306
Debian Security Information: DSA-1308 (Google Search)
http://www.debian.org/security/2007/dsa-1308
http://security.gentoo.org/glsa/glsa-200706-06.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.osvdb.org/35139
http://osvdb.org/35140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securitytracker.com/id?1018162
http://www.securitytracker.com/id?1018163
http://secunia.com/advisories/25476
http://secunia.com/advisories/25490
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
SuSE Security Announcement: SUSE-SA:2007:036 (Google Search)
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.ubuntu.com/usn/usn-468-1
http://www.vupen.com/english/advisories/2007/1994
XForce ISS Database: mozilla-doccookie-dos(34613)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34613
Common Vulnerability Exposure (CVE) ID: CVE-2007-1562
BugTraq ID: 23082
http://www.securityfocus.com/bid/23082
Bugtraq: 20070322 FLEA-2007-0001-1: firefox (Google Search)
http://www.securityfocus.com/archive/1/463501/100/0/threaded
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=370559
http://www.openwall.com/lists/oss-security/2020/12/09/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431
http://www.securitytracker.com/id?1017800
http://www.ubuntu.com/usn/usn-443-1
http://www.vupen.com/english/advisories/2007/1034
XForce ISS Database: firefox-nsftpstate-information-disclosure(33119)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33119
Common Vulnerability Exposure (CVE) ID: CVE-2007-1558
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
BugTraq ID: 23257
http://www.securityfocus.com/bid/23257
Bugtraq: 20070402 APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464477/30/0/threaded
Bugtraq: 20070403 Re: APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464569/100/0/threaded
Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471455/100/0/threaded
Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471720/100/0/threaded
Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search)
http://www.securityfocus.com/archive/1/471842/100/0/threaded
Debian Security Information: DSA-1305 (Google Search)
http://www.debian.org/security/2007/dsa-1305
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://www.openwall.com/lists/oss-security/2009/08/18/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
http://www.redhat.com/support/errata/RHSA-2007-0344.html
http://www.redhat.com/support/errata/RHSA-2007-0353.html
http://www.redhat.com/support/errata/RHSA-2007-0385.html
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securitytracker.com/id?1018008
http://secunia.com/advisories/25353
http://secunia.com/advisories/25402
http://secunia.com/advisories/25496
http://secunia.com/advisories/25529
http://secunia.com/advisories/25546
http://secunia.com/advisories/25664
http://secunia.com/advisories/25798
http://secunia.com/advisories/25894
http://secunia.com/advisories/26083
http://secunia.com/advisories/26415
http://secunia.com/advisories/35699
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-469-1
http://www.ubuntu.com/usn/usn-520-1
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1467
http://www.vupen.com/english/advisories/2007/1468
http://www.vupen.com/english/advisories/2007/1480
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/2788
http://www.vupen.com/english/advisories/2008/0082
Common Vulnerability Exposure (CVE) ID: CVE-2007-2867
CERT/CC vulnerability note: VU#751636
http://www.kb.cert.org/vuls/id/751636
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://osvdb.org/35134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066
http://www.securitytracker.com/id?1018151
http://www.securitytracker.com/id?1018153
http://secunia.com/advisories/24406
http://secunia.com/advisories/24456
http://secunia.com/advisories/25469
http://secunia.com/advisories/25488
http://secunia.com/advisories/25489
http://secunia.com/advisories/25491
http://secunia.com/advisories/25492
http://secunia.com/advisories/25644
http://secunia.com/advisories/27423
http://secunia.com/advisories/28363
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1
http://www.vupen.com/english/advisories/2007/3664
XForce ISS Database: mozilla-layoutengine-dos(34604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34604
Common Vulnerability Exposure (CVE) ID: CVE-2007-2868
CERT/CC vulnerability note: VU#609956
http://www.kb.cert.org/vuls/id/609956
http://osvdb.org/35138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711
http://www.securitytracker.com/id?1018152
http://secunia.com/advisories/27427
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1
http://www.vupen.com/english/advisories/2007/3632
XForce ISS Database: mozilla-javascripteng-code-execution(34605)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34605
Common Vulnerability Exposure (CVE) ID: CVE-2007-2869
http://osvdb.org/35135
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11208
http://www.securitytracker.com/id?1018154
XForce ISS Database: firefox-autocomplete-dos(34612)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34612
Common Vulnerability Exposure (CVE) ID: CVE-2007-2870
http://osvdb.org/35136
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9547
http://www.securitytracker.com/id?1018160
http://www.securitytracker.com/id?1018161
XForce ISS Database: mozilla-addeventlistener-xss(34614)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34614
Common Vulnerability Exposure (CVE) ID: CVE-2007-2871
http://osvdb.org/35137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433
http://www.securitytracker.com/id?1018155
http://www.securitytracker.com/id?1018156
XForce ISS Database: mozilla-xulpopups-spoofing(34606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.