FSA/F7/FEDORA-2007-1181

[SECURITY] Fedora 7 Update: seamonkey-1.1.3-1.fc7
Fedora Update Notification
FEDORA-2007-1181
2007-07-20 12:32:40.556461

Name        : seamonkey
Product     : Fedora 7
Version     : 1.1.3
Release     : 1.fc7
Summary     : Web browser, e-mail, news, IRC client, HTML editor
Description : SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite.

Update Information:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089)

A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656)

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues.

ChangeLog:

* Fri Jul 20 2007 Kai Engert - 1.1.3-1
- SeaMonkey 1.1.3
* Thu May 31 2007 Kai Engert 1.1.2-1
- SeaMonkey 1.1.2

References:

[ 1 ] Bug #248518 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ] CVE-2007-3734 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ] CVE-2007-3735 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ] CVE-2007-3736 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ] CVE-2007-3089 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ] CVE-2007-3737 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ] CVE-2007-3656 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
[ 8 ] CVE-2007-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738

Updated packages:

5c751bb8d48e168c4eaf97d7e039c0368d35ff5d seamonkey-debuginfo-1.1.3-1.fc7.ppc64.rpm
5c32e2b7896d73b435a246b7657d661f1aa8928d seamonkey-1.1.3-1.fc7.ppc64.rpm
b5c5b0f54ef0c757bd9abc0826ccd54826171096 seamonkey-debuginfo-1.1.3-1.fc7.i386.rpm
d00f0b7d75bc2b93b04f3d36f0c6cdb8a4e5c5ef seamonkey-1.1.3-1.fc7.i386.rpm
f5084ac1bfd2c7bf479d9e3c3be0c1c2a5b50af3 seamonkey-debuginfo-1.1.3-1.fc7.x86_64.rpm
395a32d934a1a717a0a025f14914b58516abd1f8 seamonkey-1.1.3-1.fc7.x86_64.rpm
eaff41df4a1891cc80c3368e559f589ec92d1211 seamonkey-1.1.3-1.fc7.ppc.rpm
e05847842fac05bc647666ef6bab651bb9bf8985 seamonkey-debuginfo-1.1.3-1.fc7.ppc.rpm
f50ab54a29f019925c494e1e1d3339c832825f2b seamonkey-1.1.3-1.fc7.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/.