Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. This flaw does not affect the version of SeaMonkey shipped in Red Hat Enterprise Linux 3 or 4.
This is now public http://www.mozilla.org/security/announce/2010/mfsa2010-20.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 Via RHSA-2010:0332 https://rhn.redhat.com/errata/RHSA-2010-0332.html
epiphany-extensions-2.26.1-11.fc11,yelp-2.26.0-12.fc11,google-gadgets-0.11.1-6.fc11,perl-Gtk2-MozEmbed-0.08-6.fc11.10,Miro-2.5.4-3.fc11,mozvoikko-0.9.7-0.12.rc1.fc11,kazehakase-0.5.8-5.fc11.1,gnome-python2-extras-2.25.3-12.fc11,galeon-2.0.7-22.fc11,hulahop-0.4.9-13.fc11,gnome-web-photo-0.7-11.fc11,evolution-rss-0.1.4-11.fc11,chmsee-1.0.1-16.fc11,blam-1.8.5-19.fc11,epiphany-2.26.3-9.fc11,pcmanx-gtk2-0.3.9-4.20100222svn.fc11,firefox-3.5.9-1.fc11,xulrunner-1.9.1.9-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/epiphany-extensions-2.26.1-11.fc11,yelp-2.26.0-12.fc11,google-gadgets-0.11.1-6.fc11,perl-Gtk2-MozEmbed-0.08-6.fc11.10,Miro-2.5.4-3.fc11,mozvoikko-0.9.7-0.12.rc1.fc11,kazehakase-0.5.8-5.fc11.1,gnome-python2-extras-2.25.3-12.fc11,galeon-2.0.7-22.fc11,hulahop-0.4.9-13.fc11,gnome-web-photo-0.7-11.fc11,evolution-rss-0.1.4-11.fc11,chmsee-1.0.1-16.fc11,blam-1.8.5-19.fc11,epiphany-2.26.3-9.fc11,pcmanx-gtk2-0.3.9-4.20100222svn.fc11,firefox-3.5.9-1.fc11,xulrunner-1.9.1.9-1.fc11
Miro-2.5.4-3.fc12,galeon-2.0.7-22.fc12,gnome-python2-extras-2.25.3-17.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.12,gnome-web-photo-0.9-6.fc12,mozvoikko-1.0-9.fc12,firefox-3.5.9-1.fc12,xulrunner-1.9.1.9-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/Miro-2.5.4-3.fc12,galeon-2.0.7-22.fc12,gnome-python2-extras-2.25.3-17.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.12,gnome-web-photo-0.9-6.fc12,mozvoikko-1.0-9.fc12,firefox-3.5.9-1.fc12,xulrunner-1.9.1.9-1.fc12
Miro-2.5.4-3.fc12, galeon-2.0.7-22.fc12, gnome-python2-extras-2.25.3-17.fc12, perl-Gtk2-MozEmbed-0.08-6.fc12.12, gnome-web-photo-0.9-6.fc12, mozvoikko-1.0-9.fc12, firefox-3.5.9-1.fc12, xulrunner-1.9.1.9-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
epiphany-extensions-2.26.1-11.fc11, yelp-2.26.0-12.fc11, google-gadgets-0.11.1-6.fc11, perl-Gtk2-MozEmbed-0.08-6.fc11.10, Miro-2.5.4-3.fc11, mozvoikko-0.9.7-0.12.rc1.fc11, kazehakase-0.5.8-5.fc11.1, gnome-python2-extras-2.25.3-12.fc11, galeon-2.0.7-22.fc11, hulahop-0.4.9-13.fc11, gnome-web-photo-0.7-11.fc11, evolution-rss-0.1.4-11.fc11, chmsee-1.0.1-16.fc11, blam-1.8.5-19.fc11, epiphany-2.26.3-9.fc11, pcmanx-gtk2-0.3.9-4.20100222svn.fc11, firefox-3.5.9-1.fc11, xulrunner-1.9.1.9-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-2.0.4-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/seamonkey-2.0.4-1.fc12
seamonkey-2.0.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/seamonkey-2.0.4-1.fc13
seamonkey-2.0.4-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-2.0.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.