Test ID:	1.3.6.1.4.1.25623.1.0.63710
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:0398
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:0398.;;SeaMonkey is an open source Web browser, email and newsgroup client, IRC;chat client, and HTML editor.;;A memory corruption flaw was discovered in the way SeaMonkey handles XML;files containing an XSLT transform. A remote attacker could use this flaw;to crash SeaMonkey or, potentially, execute arbitrary code as the user;running SeaMonkey. (CVE-2009-1169);;A flaw was discovered in the way SeaMonkey handles certain XUL garbage;collection events. A remote attacker could use this flaw to crash SeaMonkey;or, potentially, execute arbitrary code as the user running SeaMonkey.;(CVE-2009-1044);;All SeaMonkey users should upgrade to these updated packages, which correct;these issues. After installing the update, SeaMonkey must be restarted for;the changes to take effect.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0398. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1044 BugTraq ID: 34181 http://www.securityfocus.com/bid/34181 Bugtraq: 20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/502303/100/0/threaded Debian Security Information: DSA-1756 (Google Search) http://www.debian.org/security/2009/dsa-1756 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:084 http://blogs.zdnet.com/security/?p=2934 http://blogs.zdnet.com/security/?p=2941 http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://news.cnet.com/8301-1009_3-10199652-83.html http://twitter.com/tippingpoint1/status/1351635812 http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 http://www.zerodayinitiative.com/advisories/ZDI-09-015 http://osvdb.org/52896 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368 http://www.redhat.com/support/errata/RHSA-2009-0397.html http://www.redhat.com/support/errata/RHSA-2009-0398.html http://www.securitytracker.com/id?1021878 http://secunia.com/advisories/34471 http://secunia.com/advisories/34505 http://secunia.com/advisories/34510 http://secunia.com/advisories/34511 http://secunia.com/advisories/34521 http://secunia.com/advisories/34527 http://secunia.com/advisories/34549 http://secunia.com/advisories/34550 http://secunia.com/advisories/34792 SuSE Security Announcement: SUSE-SA:2009:022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html http://www.ubuntu.com/usn/usn-745-1 http://www.vupen.com/english/advisories/2009/0864 Common Vulnerability Exposure (CVE) ID: CVE-2009-1169 1021939 http://www.securitytracker.com/id?1021939 34235 http://www.securityfocus.com/bid/34235 34471 34486 http://secunia.com/advisories/34486 34505 34510 34511 34521 34527 34549 34550 34792 8285 https://www.exploit-db.com/exploits/8285 ADV-2009-0853 http://www.vupen.com/english/advisories/2009/0853 DSA-1756 FEDORA-2009-3099 FEDORA-2009-3100 FEDORA-2009-3101 MDVSA-2009:084 RHSA-2009:0397 RHSA-2009:0398 SUSE-SA:2009:022 SUSE-SA:2009:023 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html USN-745-1 http://blogs.zdnet.com/security/?p=3013 http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm http://www.mozilla.org/security/announce/2009/mfsa2009-12.html https://bugzilla.mozilla.org/show_bug.cgi?id=460090 https://bugzilla.mozilla.org/show_bug.cgi?id=485217 https://bugzilla.mozilla.org/show_bug.cgi?id=485286 mozilla-xslt-code-execution(49439) https://exchange.xforce.ibmcloud.com/vulnerabilities/49439 oval:org.mitre.oval:def:11372 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.