blob: bd859b4648d68b6655e3a5d729458d2ed795ed06 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200612-08">
<title>SeaMonkey: Multiple vulnerabilities</title>
Multiple vulnerabilities have been identified in the SeaMonkey project.
<product type="ebuild">seamonkey</product>
<announced>December 10, 2006</announced>
<revised>December 10, 2006: 01</revised>
<package name="www-client/seamonkey" auto="yes" arch="*">
<unaffected range="ge">1.0.6</unaffected>
<vulnerable range="lt">1.0.6</vulnerable>
The SeaMonkey project is a community effort to deliver
production-quality releases of code derived from the application
formerly known as 'Mozilla Application Suite'.
The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode
execution and arbitrary code execution.
<impact type="high">
An attacker could entice a user to load malicious JavaScript or a
malicious web page with a SeaMonkey application and execute arbitrary
code with the rights of the user running those products. It is
important to note that in the SeaMonkey email client, JavaScript is
disabled by default.
There is no known workaround at this time.
All SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-client/seamonkey-1.0.6&quot;</code>
<uri link="">CVE-2006-5462</uri>
<uri link="">CVE-2006-5463</uri>
<uri link="">CVE-2006-5464</uri>
<uri link="">CVE-2006-5747</uri>
<uri link="">CVE-2006-5748</uri>
<metadata tag="requester" timestamp="Tue, 21 Nov 2006 06:08:42 +0000">
<metadata tag="submitter" timestamp="Tue, 21 Nov 2006 13:46:12 +0000">
<metadata tag="bugReady" timestamp="Sun, 10 Dec 2006 19:01:27 +0000">