summaryrefslogtreecommitdiff
blob: 956a384ea05af0309ca9dc5a1e8846b8d1dc1bad (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200701-04">
  <title>SeaMonkey: Multiple vulnerabilities</title>
  <synopsis>
    Multiple vulnerabilities have been reported in the SeaMonkey project, some
    of which may allow the remote execution of arbitrary code.
  </synopsis>
  <product type="ebuild">seamonkey</product>
  <announced>2007-01-10</announced>
  <revised count="01">2007-01-10</revised>
  <bug>158576</bug>
  <access>remote</access>
  <affected>
    <package name="www-client/seamonkey" auto="yes" arch="*">
      <unaffected range="ge">1.0.7</unaffected>
      <vulnerable range="lt">1.0.7</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    The SeaMonkey project is a community effort to deliver
    production-quality releases of code derived from the application
    formerly known as the 'Mozilla Application Suite'.
    </p>
  </background>
  <description>
    <p>
    An anonymous researcher found evidence of memory corruption in the way
    SeaMonkey handles certain types of SVG comment DOM nodes. Georgi
    Guninski and David Bienvenu discovered buffer overflows in the
    processing of long "Content-Type:" and long non-ASCII MIME email
    headers. Additionally, Frederik Reiss discovered a heap-based buffer
    overflow in the conversion of a CSS cursor. Several other issues with
    memory corruption were also fixed. SeaMonkey also contains less severe
    vulnerabilities involving JavaScript and Java.
    </p>
  </description>
  <impact type="high">
    <p>
    An attacker could entice a user to load malicious JavaScript or a
    malicious web page with a SeaMonkey application, possibly leading to
    the execution of arbitrary code with the rights of the user running
    those products. An attacker could also perform cross-site scripting
    attacks, leading to the exposure of sensitive information, like user
    credentials. Note that the execution of JavaScript or Java applets is
    disabled by default in the SeaMonkey email client, and enabling it is
    strongly discouraged.
    </p>
  </impact>
  <workaround>
    <p>
    There are no known workarounds for all the issues at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All SeaMonkey users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.0.7"</code>
  </resolution>
  <references>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497">CVE-2006-6497</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498">CVE-2006-6498</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499">CVE-2006-6499</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500">CVE-2006-6500</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501">CVE-2006-6501</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502">CVE-2006-6502</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503">CVE-2006-6503</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504">CVE-2006-6504</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6505">CVE-2006-6505</uri>
  </references>
  <metadata tag="submitter" timestamp="2006-12-28T16:02:48Z">
    falco
  </metadata>
  <metadata tag="bugReady" timestamp="2007-01-10T21:26:08Z">
    falco
  </metadata>
</glsa>