news.debuntu.org

Resolved Bugs453007 - CVE-2008-2811 Firefox block reflow flaw452711 - CVE-2008-2809 Firefox self signed certificate flaw452597 - CVE-2008-2798 Firefox malformed web content flaws452598 - CVE-2008-2799 Firefox javascript arbitrary code execution452605 - CVE-2008-2801 Firefox arbitrary signed JAR code execution452712 - CVE-2008-2810 Firefox arbitrary file disclosure452604 - CVE-2008-2805 Firefox arbitrary file disclosure453955 - CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2801 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 Multiple seamonkey vulnerabilities [Fedora 9]452710 - CVE-2008-2808 Firefox file location escaping flaw452599 - CVE-2008-2800 Firefox XSS attacks452602 - CVE-2008-2803 Firefox javascript arbitrary code execution452709 - CVE-2008-2807 Firefox .properties memory leak452600 - CVE-2008-2802 Firefox arbitrary JavaScript code executionUpdated seamonkey packages that fix several security issues are now available for Fedora 9.
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite.
Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
Several flaws were found in the way malformed web content was displayed. A web page containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800)
Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)
A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807)
A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808)
A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809)
Updated packages update Seamonkey to upstream version 1.1.10 to address these flaws:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seam...