TITLE:
Mozilla SeaMonkey Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA23422
VERIFY ADVISORY:
http://secunia.c
om/advisories/23422/
CRITICAL:
Highly critical
IMPACT:
Cross Site Scripting, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla SeaMonkey 1.x
http://secunia.com/p
roduct/9126/
DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla
SeaMonkey,
which can be exploited by malicious people to conduct
cross-site
scripting attacks and potentially compromise a user's
system.
See vulnerabilities #1 through #7 for more information:
SA23282
The following two vulnerabilities have also been reported:
1) A boundary error within the processing of mail headers
can
be
exploited to cause a heap-based buffer overflow via an
overly
long
"Content-Type" header in an external message body.
2) A boundary error within the processing of rfc2047-encoded
headers
can be exploited to cause a heap-based buffer overflow.
SOLUTION:
Update to version 1.0.7.
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa
2006-74.html
OTHER REFERENCES:
SA23282:
http://secunia.c
om/advisories/23282/
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|