seamonkey-2.53.9.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10590 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z seamonkey-2.53.9.1-1.1 on GA media These are all security issues fixed in the seamonkey-2.53.9.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10590 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10590 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2007-4879/ SUSE CVE CVE-2007-4879 page https://www.suse.com/security/cve/CVE-2008-0412/ SUSE CVE CVE-2008-0412 page https://www.suse.com/security/cve/CVE-2008-0414/ SUSE CVE CVE-2008-0414 page https://www.suse.com/security/cve/CVE-2008-0415/ SUSE CVE CVE-2008-0415 page https://www.suse.com/security/cve/CVE-2008-0418/ SUSE CVE CVE-2008-0418 page https://www.suse.com/security/cve/CVE-2008-0419/ SUSE CVE CVE-2008-0419 page https://www.suse.com/security/cve/CVE-2008-0592/ SUSE CVE CVE-2008-0592 page https://www.suse.com/security/cve/CVE-2008-0593/ SUSE CVE CVE-2008-0593 page https://www.suse.com/security/cve/CVE-2008-1195/ SUSE CVE CVE-2008-1195 page https://www.suse.com/security/cve/CVE-2008-1233/ SUSE CVE CVE-2008-1233 page https://www.suse.com/security/cve/CVE-2008-1236/ SUSE CVE CVE-2008-1236 page https://www.suse.com/security/cve/CVE-2008-1238/ SUSE CVE CVE-2008-1238 page https://www.suse.com/security/cve/CVE-2008-1241/ SUSE CVE CVE-2008-1241 page https://www.suse.com/security/cve/CVE-2018-12359/ SUSE CVE CVE-2018-12359 page https://www.suse.com/security/cve/CVE-2018-12360/ SUSE CVE CVE-2018-12360 page https://www.suse.com/security/cve/CVE-2018-12362/ SUSE CVE CVE-2018-12362 page https://www.suse.com/security/cve/CVE-2018-12363/ SUSE CVE CVE-2018-12363 page https://www.suse.com/security/cve/CVE-2018-12364/ SUSE CVE CVE-2018-12364 page https://www.suse.com/security/cve/CVE-2018-12365/ SUSE CVE CVE-2018-12365 page https://www.suse.com/security/cve/CVE-2018-12366/ SUSE CVE CVE-2018-12366 page https://www.suse.com/security/cve/CVE-2018-5156/ SUSE CVE CVE-2018-5156 page https://www.suse.com/security/cve/CVE-2018-5188/ SUSE CVE CVE-2018-5188 page openSUSE Tumbleweed seamonkey-2.53.9.1-1.1 seamonkey-dom-inspector-2.53.9.1-1.1 seamonkey-irc-2.53.9.1-1.1 seamonkey-2.53.9.1-1.1 as a component of openSUSE Tumbleweed seamonkey-dom-inspector-2.53.9.1-1.1 as a component of openSUSE Tumbleweed seamonkey-irc-2.53.9.1-1.1 as a component of openSUSE Tumbleweed Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. CVE-2007-4879 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4879.html CVE-2007-4879 https://bugzilla.suse.com/370353 SUSE Bug 370353 The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors. CVE-2008-0412 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0412.html CVE-2008-0412 https://bugzilla.suse.com/354469 SUSE Bug 354469 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." CVE-2008-0414 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0414.html CVE-2008-0414 https://bugzilla.suse.com/354469 SUSE Bug 354469 Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." CVE-2008-0415 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0415.html CVE-2008-0415 https://bugzilla.suse.com/354469 SUSE Bug 354469 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. CVE-2008-0418 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0418.html CVE-2008-0418 https://bugzilla.suse.com/354469 SUSE Bug 354469 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. CVE-2008-0419 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0419.html CVE-2008-0419 https://bugzilla.suse.com/354469 SUSE Bug 354469 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. CVE-2008-0592 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0592.html CVE-2008-0592 https://bugzilla.suse.com/354469 SUSE Bug 354469 Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. CVE-2008-0593 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0593.html CVE-2008-0593 https://bugzilla.suse.com/354469 SUSE Bug 354469 Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. CVE-2008-1195 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1195.html CVE-2008-1195 https://bugzilla.suse.com/368134 SUSE Bug 368134 https://bugzilla.suse.com/370353 SUSE Bug 370353 https://bugzilla.suse.com/379038 SUSE Bug 379038 https://bugzilla.suse.com/404983 SUSE Bug 404983 Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." CVE-2008-1233 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1233.html CVE-2008-1233 https://bugzilla.suse.com/370353 SUSE Bug 370353 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. CVE-2008-1236 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1236.html CVE-2008-1236 https://bugzilla.suse.com/370353 SUSE Bug 370353 Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. CVE-2008-1238 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1238.html CVE-2008-1238 https://bugzilla.suse.com/370353 SUSE Bug 370353 GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. CVE-2008-1241 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1241.html CVE-2008-1241 https://bugzilla.suse.com/370353 SUSE Bug 370353 A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12359 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12359.html CVE-2018-12359 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12360 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12360.html CVE-2018-12360 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12362 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12362.html CVE-2018-12362 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12363 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12363.html CVE-2018-12363 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12364 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12364.html CVE-2018-12364 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12365 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12365.html CVE-2018-12365 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12366 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12366.html CVE-2018-12366 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-5156 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5156.html CVE-2018-5156 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-5188 openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1 openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5188.html CVE-2018-5188 https://bugzilla.suse.com/1098998 SUSE Bug 1098998