Bug 206429 - CVE-2006-4340 Various SeaMonkey security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571)
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: seamonkey
All Linux
medium Severity medium
Assigned To: Christopher Aillon
Ben Levenson
: Security
Reported: 2006-09-14 07:52 EDT by Mark J. Cox
Modified: 2007-11-30 17:07 EST (History)
Fixed In Version: RHSA-2006-0676
Doc Type: Bug Fix
Last Closed: 2006-09-15 03:44:13 EDT

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0676 normal SHIPPED_LIVE Critical: seamonkey security update 2006-09-15 00:00:00 EDT

Description Mark J. Cox 2006-09-14 07:52:09 EDT
** MFSA-2006-57 **

        Two flaws were found in the way Firefox processed certain
        regular expressions.  A malicious web page could crash the
        browser or possibly execute arbitrary code as the user running
        Firefox.  (CVE-2006-4565, CVE-2006-4566)

        CVE-2006-4565 https://bugzilla.mozilla.org/show_bug.cgi?id=346090
        CVE-2006-4566 https://bugzilla.mozilla.org/show_bug.cgi?id=346794

        ** MFSA-2006-58 **

        A flaw was found in the Firefox auto-update verification
        system.  An attacker who has the ability to spoof a victim's
        DNS could get Firefox to download and install malicious code.
        In order to exploit this issue an attacker would also need to
        get a victim to previously accept an unverifiable certificate.
        (CVE-2006-4567)

        CVE-2006-4567 https://bugzilla.mozilla.org/show_bug.cgi?id=340198

        ** MFSA-2006-59 **

        A flaw was found in the handling of JavaScript timed events.
        A malicious web page could crash the browser or possibly
        execute arbitrary code as the user running
        Firefox. (CVE-2006-4253)


        ** MFSA-2006-60 **

        Daniel Bleichenbacher recently described an implementation
        error in RSA signature verification.  For RSA keys with
        exponent 3 it is possible for an attacker to forge a signature
        which would be incorrectly verified by the NSS library.
        Firefox as shipped trusts several root Certificate Authorities
        that use exponent 3.  An attacker could have created a
        carefully crafted SSL certificate which would be incorrectly
        trusted when their site was visited by a victim. (CVE-2006-4340)


        ** MFSA-2006-61 **

        Firefox did not properly prevent a frame in one domain from
        injecting content into a sub-frame that belongs to another
        domain, which facilitates website spoofing and other
        attacks (CVE-2006-4568)


        ** MFSA-2006-63 **

        A flaw was found in SeaMonkey Messenger triggered when an HTML message
        contained a remote image pointing to an XBL script.  An
        attacker could have created a carefully crafted message which
        would execute JavaScript if certain actions were performed on
        the email by the recipient, even if JavaScript was disabled.


        ** MFSA-2006-64 **

        A number of flaws were found in Firefox.  A malicious web page
        could crash the browser or possibly execute arbitrary code as
        the user running Firefox.  (CVE-2006-4571)
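
The class of verification error behind MFSA-2006-60, as an added example that is not part of the original report and is not NSS code: a PKCS #1 v1.5 check that parses the decoded block left to right and stops after the hash, beside one that rebuilds the whole expected block and compares every byte. Assumptions: `em` is the block already recovered with the RSA public key, the hash is SHA-1, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# DER prefix of the SHA-1 DigestInfo (PKCS #1 v1.5, RFC 8017 section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_em(digest: bytes, k: int) -> bytes:
    """Build the single valid encoded message for a k-byte modulus."""
    t = SHA1_PREFIX + digest
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t

def lax_check(em: bytes, digest: bytes) -> bool:
    """Flawed pattern: walk the padding, match the hash, ignore what follows."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA1_PREFIX + digest
    # Defect: nothing requires the hash to end at the last byte of em.
    return em[i + 1 : i + 1 + len(t)] == t

def strict_check(em: bytes, digest: bytes) -> bool:
    """Hardened pattern: rebuild the expected block and compare all of it."""
    try:
        expected = encode_em(digest, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

K = 128  # constructed: byte length of a 1024-bit modulus
DIGEST = hashlib.sha1(b"constructed sample message").digest()
GOOD_EM = encode_em(DIGEST, K)
# Constructed malformed block: short padding, hash not right-justified,
# filler bytes occupying the rest of the block.
_head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA1_PREFIX + DIGEST
BAD_EM = _head + b"\xa5" * (K - len(_head))

if __name__ == "__main__":
    for name, em in (("well-formed", GOOD_EM), ("malformed", BAD_EM)):
        print(name, "lax:", lax_check(em, DIGEST), "strict:", strict_check(em, DIGEST))
```

The unchecked bytes after the hash are what a low public exponent such as 3 turns into a forgery risk, so the full-block comparison is the check to look for when reviewing a verifier.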

Comment 1 Mark J. Cox 2006-09-14 08:04:41 EDT
Removing CVE-2006-4567, which does not apply to SeaMonkey
Comment 4 Mark J. Cox 2006-09-15 02:33:52 EDT
now public, removing embargo
Comment 5 Red Hat Bugzilla 2006-09-15 03:44:17 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

