Solution
Please Install the Updated Packages.
Insight
SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075)
A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077)
Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076)
A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)
All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
Affected
seamonkey on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-2654, CVE-2009-3072, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities