ports/120962: www/seamonkey needs updating to address security issues
Jordan Gordeev
jgordeev at dir.bg
Fri Feb 22 07:50:01 UTC 2008
>Number: 120962
>Category: ports
>Synopsis: www/seamonkey needs updating to address security issues
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 22 07:50:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Jordan Gordeev
>Release: FreeBSD 6.3
>Organization:
>Environment:
>Description:
Seamonkey should be updated to version 1.1.8 to address the following security issues:
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
Three of these are considered to have critical impact, one - high, two - moderate and two - low.
>How-To-Repeat:
>Fix:
Update the port to version 1.1.8.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list