[Bug 297789] Re: Seamonkey should be updated to 1.1.13

Launchpad Bug Tracker 297789 at bugs.launchpad.net
Wed Nov 26 14:20:06 UTC 2008 

This bug was fixed in the package seamonkey - 1.1.13+nobinonly-0ubuntu1

---------------
seamonkey (1.1.13+nobinonly-0ubuntu1) jaunty; urgency=low

  * New security upstream release: 1.1.13 (LP: #297789)
    - CVE-2008-4582: Information stealing via local shortcut files
    - CVE-2008-5012: Image stealing via canvas and HTTP redirect
    - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
    - CVE-2008-5014: Crash and remote code execution via __proto__ tampering
    - CVE-2008-5017: Browser engine crash - Firefox 2 and 3
    - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
    - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
    - CVE-2008-0017: Buffer overflow in http-index-format parser
    - CVE-2008-5021: Crash and remote code execution in nsFrameManager
    - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
    - CVE-2008-5024: Parsing error in E4X default namespace
    - CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail

  * re-run autoconf2.13 to update configure patch to changed upstream codebase
    - update debian/patches/99_configure.patch

 -- Alexander Sack <asac at ubuntu.com>   Wed, 26 Nov 2008 14:54:21 +0100

** Changed in: seamonkey (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0017

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4582

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5012

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5013

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5014

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5017

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5018

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5019

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5021

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5022

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5023

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5024

-- 
Seamonkey should be updated to 1.1.13
https://bugs.launchpad.net/bugs/297789
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list