Description: The remote host is missing updates announced in advisory RHSA-2010:0499.
SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1200)
A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1198)
An integer overflow flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1199)
A flaw was found in the way SeaMonkey processed mail attachments. A specially-crafted mail message could cause SeaMonkey to crash. (CVE-2010-0163)
A flaw was found in the way SeaMonkey handled the Content-Disposition: attachment HTTP header when the Content-Type: multipart HTTP header was also present. A website that allows arbitrary uploads and relies on the Content-Disposition: attachment HTTP header to prevent content from being displayed inline could be used by an attacker to serve malicious content to users. (CVE-2010-1197)
All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2010-0499.html
http://www.redhat.com/security/updates/classification/#critical
Risk factor : Critical
CVSS Score: 9.3