[PCWorks] Mozilla SeaMonkey Multiple Vulnerabilities
- From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Wed, 28 Oct 2009 22:02:16 -0500
TITLE:
Mozilla SeaMonkey Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA37173
VERIFY ADVISORY:
http://secunia.com/advisories/37173/
DESCRIPTION:
Some vulnerabilities have been reported in Mozilla SeaMonkey,
which
can be exploited by malicious people to manipulate certain data
or
compromise a user's system.
1) An error exists when parsing regular expressions used in
Proxy
Auto-configuration (PAC). This can be exploited to cause a
crash or
potentially execute arbitrary code via specially crafted
configured
PAC files.
2) An error when processing GIF color maps can be exploited to
cause
a heap-based buffer overflow and potentially execute arbitrary
code
via a specially crafted GIF file.
3) An error when downloading files can be exploited to display
different file names in the download dialog title bar and
dialog
body. This can be exploited to obfuscate file names via a
right-to-left override character and potentially trick a user
into
running an executable file.
SOLUTION:
Upgrade to version 2.0.
Do not visit untrusted websites or follow untrusted links.
ORIGINAL ADVISORY:
Mozilla Foundation:
http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
-zxdjhu-
Other related posts:
