Full list of Seamonkey (unpatched Mozilla Suite??) vulnerabilities...


 



Hi again all,

More Seamonkey vulnerabilities...

From
<http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey>,
there is this list:

Fixed in SeaMonkey 1.0.2
------------------------
Critical - MFSA 2006-43 Privilege escalation using addSelectionListener
High     - MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
High     - MFSA 2006-41 File stealing by changing input type (variant)
Critical - MFSA 2006-40 Double-free on malformed VCard
Low      - MFSA 2006-39 "View Image" local resource linking (Windows)
Critical - MFSA 2006-38 Buffer overflow in crypto.signText()
Critical - MFSA 2006-37 Remote compromise via content-defined setter on
                        object prototypes
Critical - MFSA 2006-35 Privilege escalation through XUL persist
Moderate - MFSA 2006-34 XSS viewing javascript: frames or images from
                        context menu
High     - MFSA 2006-33 HTTP response smuggling
Critical - MFSA 2006-32 Fixes for crashes with potential memory corruption
Moderate - MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig,
                        Greasemonkey)

Similar lists exist for Firefox ("Fixed in Firefox 1.5.0.4") and
Thunderbird ("Fixed in Thunderbird 1.5.0.4") vulnerabilities on that same page.

Somehow, I suspect that if these vulnerabilities exist in Seamonkey, then
many will also exist in Mozilla-1.7.13, in Firefox-1.0.8, and
Thunderbird-1.0.8 ....

What is the Mozilla Foundation trying to do here?  Make zero-day exploits
available to malware writers to use against legacy users of Mozilla-1.7.13,
Firefox-1.0.8, and Thunderbird-1.0.8 users?!?  Is there any coordination
among outside maintainers of these legacy packages (since the Mozilla
Foundation's official policy is that Mozilla-1.7.13 was the end of the line
for the Mozilla suite)?  Should there be??

	Regards,

	David Eisenstein

ps:  None of the detailed MFSA's linked to from the known-vulnerabilities
page that I looked at had any CVE's listed for them.  Does anyone know if
any CVE's are assigned for these vulnerabilities?  Also, all of the
bugzilla.mozilla.org links from the MFSA's seem to be embargoed (at least
for me).  Does anyone here have access to those bug reports?

