TITLE: Mozilla SeaMonkey Multiple Vulnerabilities SECUNIA ADVISORY ID: SA37173 VERIFY ADVISORY: http://secunia.com/advisories/37173/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to manipulate certain data or compromise a user's system. 1) An error exists when parsing regular expressions used in Proxy Auto-configuration (PAC). This can be exploited to cause a crash or potentially execute arbitrary code via specially crafted configured PAC files. 2) An error when processing GIF color maps can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted GIF file. 3) An error when downloading files can be exploited to display different file names in the download dialog title bar and dialog body. This can be exploited to obfuscate file names via a right-to-left override character and potentially trick a user into running an executable file. SOLUTION: Upgrade to version 2.0. Do not visit untrusted websites or follow untrusted links. ORIGINAL ADVISORY: Mozilla Foundation: http://www.mozilla.org/security/announce/2009/mfsa2009-55.html http://www.mozilla.org/security/announce/2009/mfsa2009-56.html http://www.mozilla.org/security/announce/2009/mfsa2009-62.html ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-