openSUSE Security Update : seamonkey (seamonkey-1014)

critical Nessus Plugin ID 40133

Synopsis

The remote openSUSE host is missing a security update.

Description

The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues :

- Security update to 1.1.16

- MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation

- MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9)

- Security update to 1.1.15

- MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character

- MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7)

- MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect

- MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards

- MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6)

- MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies

Please note that the java openjdk plugin might not work after installing this update.

Solution

Update the affected seamonkey packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=478625

https://bugzilla.novell.com/show_bug.cgi?id=488955

https://bugzilla.novell.com/show_bug.cgi?id=489411

https://bugzilla.novell.com/show_bug.cgi?id=492354

Plugin Details

Severity: Critical

ID: 40133

File Name: suse_11_0_seamonkey-090617.nasl

Version: 1.19

Type: local

Agent: unix

Published: 7/21/2009

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:novell:opensuse:11.0, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:seamonkey-spellchecker, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-mail

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/17/2009

Vulnerability Publication Date: 2/4/2009

Reference Information

CVE: CVE-2009-0040, CVE-2009-0352, CVE-2009-0357, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-1169, CVE-2009-1303, CVE-2009-1305

CWE: 16, 200, 264, 399, 94