Bug 214447

Summary: CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: seamonkeyAssignee: Christopher Aillon <caillon>
Status: CLOSED ERRATA QA Contact: Ben Levenson <benl>
Severity: urgent Docs Contact:
Priority: medium    
Version: 4.0CC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=critical,reported=20061107,public=20061107,source=mozilla
Fixed In Version: RHSA-2006-0734 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-08 09:48:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Josh Bressers 2006-11-07 22:06:08 UTC 
+++ This bug was initially created as a clone of Bug #214445 +++

Seamonkey 1.0.6 is being released to fix a number of security flaws (Text taken
from the upstream advisories):

mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla

    MFSA 2006-60 reported that RSA digital signatures with a low exponent
    (typically 3) could be forged, and that this flaw was corrected in the 
    Mozilla Network Security Services (NSS) library version 3.11.3 used by 
    Firefox 2.0 and current development versions of Mozilla clients.

    Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version 
    3.10.2, was incompletely patched and remained vulnerable to a variant of 
    this attack.

mfsa2006-67
CVE-2006-5463 
impact=critical,reported=20061107,public=20061107,source=mozilla

    shutdown demonstrated that it was possible to modify a Script object while 
    it was executing, potentially leading to the execution of arbitrary 
    JavaScript bytecode.

mfsa2006-65
impact=critical,reported=20061107,public=20061107,source=mozilla

    As part of the Firefox 1.5.0.8 release we fixed several bugs to improve the 
    stability of the product. Some of these were crashes that showed evidence of 
    memory corruption and we presume that at least some of these could be 
    exploited to run arbitrary code with enough effort.

    CVE-2006-5464
        Jesse Ruderman and Martijn Wargers reported crashes in the layout engine

    CVE-2006-5747
        shutdown demonstrated that a crash in XML.prototype.hasOwnProperty was 
        exploitable

    CVE-2006-5748
        Igor Bukanov and Jesse Ruderman reported potential memory corruption in 
        the JavaScript engine

These flaws also affect RHEL3 and RHEL2.1
Comment 3 Mark J. Cox 2006-11-08 08:06:02 UTC 
removing embargo, now public at http://www.mozilla.org/security/announce/
Comment 4 Red Hat Bugzilla 2006-11-08 09:48:30 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0734.html