Vulnerability Bulletins |
Actualización de seguridad para SeaMonkey |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
Firefox < 3.6.4 Firefox < 3.5.10 Thunderbird < 3.0.5 SeaMonkey < 2.0.5 XulRunner |
Description |
|
|
Se han descubierto múltiples vulnerabilidades en Mozilla SeaMonkey. Las vulnerabilidades son descritas a continuación: - CVE-2010-1197: La vulnerabilidad reside en un error a la hora de manejar una cabecera HTTP "Content-Disposition: attachment" cuando también se encuentra presente "Content-Type: multipart". Un atacante remoto podría ejecutar un ataque de tipo Cross-site scripting mediante la manipulación de dicha cabecera. - CVE-2010-1198: La vulnerabilidad reside en un error en la forma en que los plug-ins del navegador interactúan, ya que es posible acceder a la memoria liberada por otro. Un atacante remoto podría ejecutar código arbitrario con permisos del usuario mediante la manipulación especial de código HTML. - CVE-2010-1199: Se ha descubierto una vulnerabilidad de tipo desbordamiento de entero. La vulnerabilidad reside en un error en el procesamiento de contenido web. Un atacante remoto podría ejecutar código arbitrario con permisos del usuario mediante la manipulación especial de código HTML. - CVE-2010-1200: La vulnerabilidad reside en un error en el procesamiento de contenido web. Un atacante remoto podría ejecutar código arbitrario con permisos del usuario mediante la manipulación especial de código HTML. |
|
Solution |
|
|
Actualización de software Red Hat (RHSA-2010:0499-1) Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux Desktop (v. 4) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Red Hat (RHSA-2010:0500-1) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux Desktop (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Red Hat (RHSA-2010:0501-1) RHEL Desktop Workstation (v. 5 cliente) Red Hat Enterprise Linux (v. 5 servidor) Red Hat Enterprise Linux Desktop (v. 5 cliente) https://rhn.redhat.com/ Mozilla Firefox 3.6.4 Firefox 3.5.10 http://www.mozilla.org/products/firefox/ Thunderbird 3.0.5 http://www.mozilla.org/products/thunderbird/ SeaMonkey 2.0.5 http://www.seamonkey-project.org/ Debian (DSA 2064-1) Debian Linux 5.0 Source http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-2.dsc http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-2.diff.gz independent packages: http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-2_all.deb alpha (DEC Alpha) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_amd64.deb arm (ARM) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_arm.deb armel (ARM EABI) http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_armel.deb hppa (HP PA RISC) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_hppa.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_i386.deb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_ia64.deb mips (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_mips.deb mipsel (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_mipsel.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_powerpc.deb s390 (IBM S/390) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_s390.deb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_sparc.deb Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. Red Hat (RHSA-2010:0544-1) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux Desktop (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Red Hat (RHSA-2010:0545-1) RHEL Optional Productivity Applications (v. 5 servidor) Red Hat Enterprise Linux Desktop (v. 5 cliente) https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 |
| BID | |
Other resources |
|
|
Red Hat Security Advisory (RHSA-2010:0499-1) https://rhn.redhat.com/errata/RHSA-2010-0499.html Red Hat Security Advisory (RHSA-2010:0500-1) https://rhn.redhat.com/errata/RHSA-2010-0500.html Red Hat Security Advisory (RHSA-2010:0501-1) https://rhn.redhat.com/errata/RHSA-2010-0501.html Mozilla Foundation Security Advisory (2010-26) http://www.mozilla.org/security/announce/2010/mfsa2010-26.html Mozilla Foundation Security Advisory (2010-28) http://www.mozilla.org/security/announce/2010/mfsa2010-28.html Mozilla Foundation Security Advisory (2010-30) http://www.mozilla.org/security/announce/2010/mfsa2010-30.html Mozilla Foundation Security Advisory (2010-32) http://www.mozilla.org/security/announce/2010/mfsa2010-32.html Debian Security Advisory (DSA 2064-1) http://lists.debian.org/debian-security-announce/2010/msg00108.html SUSE Security Advisory (SUSE-SA:2010:030) http://www.novell.com/linux/security/advisories/2010_30_firefox.html Red Hat Security Advisory (RHSA-2010:0544-1) https://rhn.redhat.com/errata/RHSA-2010-0544.html Aviso emitido por Red Hat (RHSA-2010:0545-1) Advisory issued by Red Hat (RHSA-2010:0545-1) |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido, aviso emitido por Red Hat (RHSA-2010:0500-1), aviso emitido por Red Hat (RHSA-2010:0501-1), aviso emitido por Mozilla (2010-26),(2010-28),(2010-30),(2010-32) | 2010-06-23 |
| 1.1 | Aviso emitido por Debian (DSA 2064-1) | 2010-06-28 |
| 1.2 | Aviso emitido por Suse (SUSE-SA:2010:030) | 2010-07-26 |
| 1.3 | Aviso emitido por Red Hat (RHSA-2010:0544-1), aviso emitido por Red Hat (RHSA-2010:0545-1) | 2010-08-10 |