RHSA-2010:0546: Critical: seamonkey security update

First published: Tue Jul 20 2010(Updated: )

SeaMonkey is an open source web browser, email and newsgroup client, IRC<br>chat client, and HTML editor.<br>Several flaws were found in the processing of malformed web content. A web<br>page containing malicious content could cause SeaMonkey to crash or,<br>potentially, execute arbitrary code with the privileges of the user running<br>SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)<br>A memory corruption flaw was found in the way SeaMonkey decoded certain PNG<br>images. An attacker could create a specially-crafted PNG image that, when<br>opened, could cause SeaMonkey to crash or, potentially, execute arbitrary<br>code with the privileges of the user running SeaMonkey. (CVE-2010-1205)<br>A same-origin policy bypass flaw was found in SeaMonkey. An attacker could<br>create a malicious web page that, when viewed by a victim, could steal<br>private data from a different website the victim has loaded with SeaMonkey.<br>(CVE-2010-2754)<br>A flaw was found in the way SeaMonkey displayed the location bar when<br>visiting a secure web page. A malicious server could use this flaw to<br>present data that appears to originate from a secure server, even though it<br>does not. (CVE-2010-2751)<br>All SeaMonkey users should upgrade to these updated packages, which correct<br>these issues. After installing the update, SeaMonkey must be restarted for<br>the changes to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2010:0546
• agent/software-canonical-lookup
• package-manager/redhat