Bug 214447 - CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-546...
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: seamonkey (Show other bugs)
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Christopher Aillon
Ben Levenson
: Security
Depends On:
  Show dependency treegraph
Reported: 2006-11-07 12:54 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2006-0734
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-08 04:48:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 1 Josh Bressers 2006-11-07 17:06:08 EST
+++ This bug was initially created as a clone of Bug #214445 +++

Seamonkey 1.0.6 is being released to fix a number of security flaws (Text taken
from the upstream advisories):


    MFSA 2006-60 reported that RSA digital signatures with a low exponent
    (typically 3) could be forged, and that this flaw was corrected in the 
    Mozilla Network Security Services (NSS) library version 3.11.3 used by 
    Firefox 2.0 and current development versions of Mozilla clients.

    Ulrich Kuehn reported that Firefox, which incorporated NSS version 
    3.10.2, was incompletely patched and remained vulnerable to a variant of 
    this attack.


    shutdown demonstrated that it was possible to modify a Script object while 
    it was executing, potentially leading to the execution of arbitrary 
    JavaScript bytecode.


    As part of the Firefox release we fixed several bugs to improve the 
    stability of the product. Some of these were crashes that showed evidence of 
    memory corruption and we presume that at least some of these could be 
    exploited to run arbitrary code with enough effort.

        Jesse Ruderman and Martijn Wargers reported crashes in the layout engine

        shutdown demonstrated that a crash in XML.prototype.hasOwnProperty was 

        Igor Bukanov and Jesse Ruderman reported potential memory corruption in 
        the JavaScript engine

These flaws also affect RHEL3 and RHEL2.1
Comment 3 Mark J. Cox (Product Security) 2006-11-08 03:06:02 EST
removing embargo, now public at http://www.mozilla.org/security/announce/
Comment 4 Red Hat Bugzilla 2006-11-08 04:48:30 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.