English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59840
Category:Fedora Local Security Checks
Title:Fedora Core 8 FEDORA-2007-2795 (seamonkey)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to seamonkey
announced via advisory FEDORA-2007-2795.

SeaMonkey is an all-in-one Internet application suite. It includes
a browser, mail/news client, IRC client, JavaScript debugger, and
a tool to inspect the DOM for web pages. It is derived from the
application formerly known as Mozilla Application Suite.

Update Information:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information (CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334).

Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340).

Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292).

The sftp protocol handler could be used to view the contents of arbitrary local files (CVE-2007-5337).

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues.
ChangeLog:

* Fri Oct 19 2007 Kai Engert - 1.1.5-2
- SeaMonkey 1.1.5
References:

[ 1 ] CVE-2007-1095
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
[ 2 ] CVE-2007-3511
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
[ 3 ] CVE-2007-3844
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
[ 4 ] CVE-2007-5334
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
[ 5 ] CVE-2007-5338
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
[ 6 ] CVE-2007-5339
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
[ 7 ] CVE-2007-5340
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340
[ 8 ] CVE-2007-2292
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
[ 9 ] CVE-2007-5337
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
Updated packages:

c60f6ed451ab28753bdb1e4e63b633dcdfd47b4c seamonkey-1.1.5-2.fc8.ppc64.rpm
27210587e95e7d7d6b1326672ce9a3bacd5964d4 seamonkey-debuginfo-1.1.5-2.fc8.ppc64.rpm
55059dc06cc2e93c541246620578fb75b275d265 seamonkey-debuginfo-1.1.5-2.fc8.i386.rpm
888062d92343ed644171624388c3284d954d6ff3 seamonkey-1.1.5-2.fc8.i386.rpm
c0d5fba506b981e93f69e0da898527d6058b3d10 seamonkey-debuginfo-1.1.5-2.fc8.x86_64.rpm
58a80b87cc2c7820d04c44c7b508be00ac6117e4 seamonkey-1.1.5-2.fc8.x86_64.rpm
ebf4c5bad16da246c2b8e3f3ee9e347a76bb2a5e seamonkey-1.1.5-2.fc8.ppc.rpm
5bf1a703b24005aa282d9d7da76df2027ca715f6 seamonkey-debuginfo-1.1.5-2.fc8.ppc.rpm
8df7a8d69a83fa241821fa46fc820cdb6cb60e0e seamonkey-1.1.5-2.fc8.src.rpm

This update can be installed with the yum update program. Use
su -c 'yum update seamonkey'
at the command line. For more information, refer to Managing Software
with yum, available at http://docs.fedoraproject.org/yum/.

Solution: Apply the appropriate updates.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-2795

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1095
BugTraq ID: 22688
http://www.securityfocus.com/bid/22688
Bugtraq: 20070223 Firefox: onUnload tailgating (MSIE7 entrapment bug variant) (Google Search)
http://www.securityfocus.com/archive/1/461007/100/0/threaded
Bugtraq: 20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) (Google Search)
http://www.securityfocus.com/archive/1/461023/100/0/threaded
Bugtraq: 20071026 rPSA-2007-0225-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/482876/100/200/threaded
Bugtraq: 20071029 FLEA-2007-0062-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/482925/100/0/threaded
Bugtraq: 20071029 rPSA-2007-0225-2 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/482932/100/200/threaded
Debian Security Information: DSA-1392 (Google Search)
http://www.debian.org/security/2007/dsa-1392
Debian Security Information: DSA-1396 (Google Search)
http://www.debian.org/security/2007/dsa-1396
Debian Security Information: DSA-1401 (Google Search)
http://www.debian.org/security/2007/dsa-1401
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://lcamtuf.coredump.cx/ietrap/ff/
https://bugzilla.mozilla.org/show_bug.cgi?id=371360
http://osvdb.org/33809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://securitytracker.com/id?1018837
http://secunia.com/advisories/27276
http://secunia.com/advisories/27298
http://secunia.com/advisories/27311
http://secunia.com/advisories/27315
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27336
http://secunia.com/advisories/27356
http://secunia.com/advisories/27360
http://secunia.com/advisories/27383
http://secunia.com/advisories/27387
http://secunia.com/advisories/27403
http://secunia.com/advisories/27414
http://secunia.com/advisories/27425
http://secunia.com/advisories/27480
http://secunia.com/advisories/27665
http://secunia.com/advisories/27680
http://secunia.com/advisories/28398
http://securityreason.com/securityalert/2310
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:057 (Google Search)
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
https://usn.ubuntu.com/535-1/
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: ie-mozilla-onunload-dos(32647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32647
XForce ISS Database: ie-mozilla-onunload-url-spoofing(32649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32649
Common Vulnerability Exposure (CVE) ID: CVE-2007-3511
BugTraq ID: 24725
http://www.securityfocus.com/bid/24725
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html
http://sla.ckers.org/forum/read.php?3,13142
http://yathong.googlepages.com/FirefoxFocusBug.html
http://osvdb.org/37994
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763
http://secunia.com/advisories/25904
XForce ISS Database: firefox-focus-security-bypass(35299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35299
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
1018479
http://securitytracker.com/id?1018479
1018480
http://securitytracker.com/id?1018480
1018481
http://securitytracker.com/id?1018481
103177
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
20070801 FLEA-2007-0039-1 firefox
http://www.securityfocus.com/archive/1/475265/100/200/threaded
20070803 FLEA-2007-0040-1 thunderbird
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
201516
25142
http://www.securityfocus.com/bid/25142
26234
http://secunia.com/advisories/26234
26258
http://secunia.com/advisories/26258
26288
http://secunia.com/advisories/26288
26303
http://secunia.com/advisories/26303
26309
http://secunia.com/advisories/26309
26331
http://secunia.com/advisories/26331
26335
http://secunia.com/advisories/26335
26393
http://secunia.com/advisories/26393
26460
http://secunia.com/advisories/26460
26572
http://secunia.com/advisories/26572
27276
27298
27325
27326
http://secunia.com/advisories/27326
27327
27356
27414
27680
28135
http://secunia.com/advisories/28135
28363
http://secunia.com/advisories/28363
ADV-2007-3587
ADV-2007-4256
http://www.vupen.com/english/advisories/2007/4256
ADV-2008-0082
http://www.vupen.com/english/advisories/2008/0082
DSA-1344
http://www.debian.org/security/2007/dsa-1344
DSA-1345
http://www.debian.org/security/2007/dsa-1345
DSA-1346
http://www.debian.org/security/2007/dsa-1346
DSA-1391
http://www.debian.org/security/2007/dsa-1391
FEDORA-2007-2601
FEDORA-2007-3431
GLSA-200708-09
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPSBUX02153
HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
MDKSA-2007:152
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
MDVSA-2008:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
RHSA-2007:0979
RHSA-2007:0980
RHSA-2007:0981
SSA:2007-213-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
SSRT061181
SSRT061236
SUSE-SA:2007:057
USN-493-1
http://www.ubuntu.com/usn/usn-493-1
USN-503-1
http://www.ubuntu.com/usn/usn-503-1
http://bugzilla.mozilla.org/show_bug.cgi?id=388121
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html
https://issues.rpath.com/browse/RPL-1600
oval:org.mitre.oval:def:9493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9493
Common Vulnerability Exposure (CVE) ID: CVE-2007-5334
1018837
20071026 rPSA-2007-0225-1 firefox
20071029 FLEA-2007-0062-1 firefox
20071029 rPSA-2007-0225-2 firefox thunderbird
26132
http://www.securityfocus.com/bid/26132
27311
27315
27335
27336
27360
27383
27387
27403
27425
27480
27665
28398
ADV-2007-3544
ADV-2008-0083
DSA-1392
DSA-1396
DSA-1401
FEDORA-2007-2664
GLSA-200711-14
MDKSA-2007:202
USN-535-1
USN-536-1
VU#349217
http://www.kb.cert.org/vuls/id/349217
http://www.mozilla.org/security/announce/2007/mfsa2007-33.html
https://bugzilla.mozilla.org/show_bug.cgi?id=391043
https://issues.rpath.com/browse/RPL-1858
mozilla-xul-page-spoofing(37286)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37286
oval:org.mitre.oval:def:11482
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482
Common Vulnerability Exposure (CVE) ID: CVE-2007-5338
1018836
http://securitytracker.com/id?1018836
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html
mozilla-xpcnativewrapper-code-execution(37288)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37288
oval:org.mitre.oval:def:10965
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10965
Common Vulnerability Exposure (CVE) ID: CVE-2007-5339
1018834
http://securitytracker.com/id?1018834
1018835
http://securitytracker.com/id?1018835
1018977
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
231441
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
27313
http://secunia.com/advisories/27313
27704
http://secunia.com/advisories/27704
27744
http://secunia.com/advisories/27744
28179
http://secunia.com/advisories/28179
28636
http://secunia.com/advisories/28636
ADV-2007-3545
http://www.vupen.com/english/advisories/2007/3545
ADV-2007-4272
http://www.vupen.com/english/advisories/2007/4272
ADV-2008-0643
http://www.vupen.com/english/advisories/2008/0643
GLSA-200711-24
http://security.gentoo.org/glsa/glsa-200711-24.xml
SSA:2007-324-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
SUSE-SR:2008:002
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
VU#559977
http://www.kb.cert.org/vuls/id/559977
http://bugs.gentoo.org/show_bug.cgi?id=196481
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322%2C330563%2C341858%2C344064%2C348126%2C354645%2C361745%2C362901%2C378670%2C378682%2C379799%2C382376%2C384105%2C386382%2C386914%2C387033%2C387460%2C387844%2C391974%2C392285%2C393770%2C394014%2C394418
https://issues.rpath.com/browse/RPL-1884
mozilla-multiple-browser-code-execution(37281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37281
oval:org.mitre.oval:def:10459
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10459
Common Vulnerability Exposure (CVE) ID: CVE-2007-5340
VU#755513
http://www.kb.cert.org/vuls/id/755513
https://bugzilla.mozilla.org/buglist.cgi?bug_id=372309%2C387955%2C390078%2C393537
mozilla-multiple-java-code-execution(37282)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37282
oval:org.mitre.oval:def:9622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9622
Common Vulnerability Exposure (CVE) ID: CVE-2007-2292
BugTraq ID: 23668
http://www.securityfocus.com/bid/23668
Bugtraq: 20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting (Google Search)
http://www.securityfocus.com/archive/1/466906/100/0/threaded
http://www.wisec.it/vulns.php?id=11
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195
http://www.securitytracker.com/id?1017968
http://securityreason.com/securityalert/2654
XForce ISS Database: firefox-lf-response-splitting(33981)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33981
Common Vulnerability Exposure (CVE) ID: CVE-2007-5337
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
mozilla-sftp-file-access(37287)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
oval:org.mitre.oval:def:11443
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.