Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0781
The remote host is missing updates announced in
advisory RHSA-2010:0781.

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-3176, CVE-2010-3180)

A flaw was found in the way the Gopher parser in SeaMonkey converted text
into HTML. A malformed file name on a Gopher server could, when accessed by
a victim running SeaMonkey, allow arbitrary JavaScript to be executed in
the context of the Gopher domain. (CVE-2010-3177)

A flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH
variable was appending a . character, which could allow a local attacker
to execute arbitrary code with the privileges of a different user running
SeaMonkey, if that user ran SeaMonkey from within an attacker-controlled
directory. (CVE-2010-3182)

It was found that the SSL DHE (Diffie-Hellman Ephemeral) mode
implementation for key exchanges in SeaMonkey accepted DHE keys that were
256 bits in length. This update removes support for 256 bit DHE keys, as
such keys are easily broken using modern hardware. (CVE-2010-3173)

A flaw was found in the way SeaMonkey matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. SeaMonkey incorrectly accepted connections to IP addresses that
fell within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3170
Debian Security Information: DSA-2123 (Google Search)
SuSE Security Announcement: SUSE-SR:2010:020 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2010-3173
Common Vulnerability Exposure (CVE) ID: CVE-2010-3176
BugTraq ID: 44243
Debian Security Information: DSA-2124 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2010-3177
Common Vulnerability Exposure (CVE) ID: CVE-2010-3180
BugTraq ID: 44248
Common Vulnerability Exposure (CVE) ID: CVE-2010-3182
BugTraq ID: 44251
CopyrightCopyright (c) 2010 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.