Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa/glsa-200612-08.xml
blob: b7faa865535c7683de2b7bce8cad4a8538d51cfb (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200612-08">
  <title>SeaMonkey: Multiple vulnerabilities</title>
  <synopsis>
    Multiple vulnerabilities have been identified in the SeaMonkey project.
  </synopsis>
  <product type="ebuild">seamonkey</product>
  <announced>2006-12-10</announced>
  <revised count="01">2006-12-10</revised>
  <bug>154449</bug>
  <access>remote</access>
  <affected>
    <package name="www-client/seamonkey" auto="yes" arch="*">
      <unaffected range="ge">1.0.6</unaffected>
      <vulnerable range="lt">1.0.6</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    The SeaMonkey project is a community effort to deliver
    production-quality releases of code derived from the application
    formerly known as 'Mozilla Application Suite'.
    </p>
  </background>
  <description>
    <p>
    The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode
    execution and arbitrary code execution.
    </p>
  </description>
  <impact type="high">
    <p>
    An attacker could entice a user to load malicious JavaScript or a
    malicious web page with a SeaMonkey application and execute arbitrary
    code with the rights of the user running those products. It is
    important to note that in the SeaMonkey email client, JavaScript is
    disabled by default.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All SeaMonkey users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-client/seamonkey-1.0.6"</code>
  </resolution>
  <references>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462">CVE-2006-5462</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463">CVE-2006-5463</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464">CVE-2006-5464</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747">CVE-2006-5747</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748">CVE-2006-5748</uri>
  </references>
  <metadata tag="requester" timestamp="2006-11-21T06:08:42Z">
    jaervosz
  </metadata>
  <metadata tag="submitter" timestamp="2006-11-21T13:46:12Z">
    shellsage
  </metadata>
  <metadata tag="bugReady" timestamp="2006-12-10T19:01:27Z">
    falco
  </metadata>
</glsa>