seamonkey security update
seamonkey version 2.6 fixes several security issues:
* MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety
hazards
* MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash
in the YARR regular expression library
* MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds
access
* MFSA 2011-56/CVE-2011-3663: Key detection without
JavaScript via SVG animation
* MFSA 2011-58/CVE-2011-3665: Crash scaling to
extreme sizes
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5574
Fixed bugs
bnc#737533
VUL-0: MozillaFirefox 9 / 3.6.25 and other mozilla apps
CVE#CVE-2011-3665
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled
CVE#CVE-2011-3663
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
CVE#CVE-2011-3658
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have uns
CVE#CVE-2011-3661
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
CVE#CVE-2011-3660
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
