1. Home
  2. Security Advisories
  3. OpenSUSE
  4. openSUSE-SU-2018:2807-1

[openSUSE-SU-2018:2807-1] Security update for seamonkey

Severity Important
Affected Packages 6
CVEs 9
Info Packages References Vulnerabilities

Security update for seamonkey

This update for seamonkey fixes the following issues:

Mozilla Seamonkey was updated to 2.49.4:

Now uses Gecko 52.9.1esr (boo#1098998).

Security issues fixed with MFSA 2018-16 (boo#1098998):

  • CVE-2018-12359: Buffer overflow using computed size of canvas element
  • CVE-2018-12360: Use-after-free when using focus()
  • CVE-2018-12362: Integer overflow in SSSE3 scaler
  • CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
  • CVE-2018-12363: Use-after-free when appending DOM nodes
  • CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
  • CVE-2018-12365: Compromised IPC child process can list local filenames
  • CVE-2018-12366: Invalid data handling during QCMS transformations
  • CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

Localizations finally included again (boo#1062195)

Updated summary and description to more accurately
reflect what SeaMonkey is, giving less prominence to the long-
discontinued Mozilla Application Suite that many users may no
longer be familiar with

Update to Seamonkey 2.49.2

  • Gecko 52.6esr (including security relevant fixes) (boo#1077291)
  • fix issue in Composer
  • With some themes, the menulist- and history-dropmarker didn't show
  • Scrollbars didn't show the buttons
  • WebRTC has been disabled by default. It needs an add-on to enable it per site
  • The active title bar was not visually emphasized

Correct requires and provides handling (boo#1076907)

This update was imported from the openSUSE:Leap:15.0:Update update project.

Package Affected Version
pkg:rpm/opensuse/seamonkey?arch=x86_64&distro=opensuse-15&repo=suse-package-hub < 2.49.4-bp150.3.3.1
pkg:rpm/opensuse/seamonkey?arch=aarch64&distro=opensuse-15&repo=suse-package-hub < 2.49.4-bp150.3.3.1
pkg:rpm/opensuse/seamonkey-translations-other?arch=x86_64&distro=opensuse-15&repo=suse-package-hub < 2.49.4-bp150.3.3.1
pkg:rpm/opensuse/seamonkey-translations-other?arch=aarch64&distro=opensuse-15&repo=suse-package-hub < 2.49.4-bp150.3.3.1
pkg:rpm/opensuse/seamonkey-translations-common?arch=x86_64&distro=opensuse-15&repo=suse-package-hub < 2.49.4-bp150.3.3.1
pkg:rpm/opensuse/seamonkey-translations-common?arch=aarch64&distro=opensuse-15&repo=suse-package-hub < 2.49.4-bp150.3.3.1
ID
openSUSE-SU-2018:2807-1
Severity
important
URL
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GLUOSK2EJUPHGOY64OTIF2JORV62RASV/#GLUOSK2EJUPHGOY64OTIF2JORV62RASV
Published
2018-08-16T07:40:05
(6 years ago)
Modified
2018-08-16T07:40:05
(6 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_2807-1.json
Suse URL for openSUSE-SU-2018:2807-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GLUOSK2EJUPHGOY64OTIF2JORV62RASV/#GLUOSK2EJUPHGOY64OTIF2JORV62RASV
Suse E-Mail link for openSUSE-SU-2018:2807-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GLUOSK2EJUPHGOY64OTIF2JORV62RASV/#GLUOSK2EJUPHGOY64OTIF2JORV62RASV
Bugzilla SUSE Bug 1020631 https://bugzilla.suse.com/1020631
Bugzilla SUSE Bug 1062195 https://bugzilla.suse.com/1062195
Bugzilla SUSE Bug 1076907 https://bugzilla.suse.com/1076907
Bugzilla SUSE Bug 1077291 https://bugzilla.suse.com/1077291
Bugzilla SUSE Bug 1098998 https://bugzilla.suse.com/1098998
CVE SUSE CVE CVE-2018-12359 page https://www.suse.com/security/cve/CVE-2018-12359/
CVE SUSE CVE CVE-2018-12360 page https://www.suse.com/security/cve/CVE-2018-12360/
CVE SUSE CVE CVE-2018-12362 page https://www.suse.com/security/cve/CVE-2018-12362/
CVE SUSE CVE CVE-2018-12363 page https://www.suse.com/security/cve/CVE-2018-12363/
CVE SUSE CVE CVE-2018-12364 page https://www.suse.com/security/cve/CVE-2018-12364/
CVE SUSE CVE CVE-2018-12365 page https://www.suse.com/security/cve/CVE-2018-12365/
CVE SUSE CVE CVE-2018-12366 page https://www.suse.com/security/cve/CVE-2018-12366/
CVE SUSE CVE CVE-2018-5156 page https://www.suse.com/security/cve/CVE-2018-5156/
CVE SUSE CVE CVE-2018-5188 page https://www.suse.com/security/cve/CVE-2018-5188/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/opensuse/seamonkey?arch=x86_64&distro=opensuse-15&repo=suse-package-hub opensuse seamonkey < 2.49.4-bp150.3.3.1 opensuse-15 x86_64
Affected pkg:rpm/opensuse/seamonkey?arch=aarch64&distro=opensuse-15&repo=suse-package-hub opensuse seamonkey < 2.49.4-bp150.3.3.1 opensuse-15 aarch64
Affected pkg:rpm/opensuse/seamonkey-translations-other?arch=x86_64&distro=opensuse-15&repo=suse-package-hub opensuse seamonkey-translations-other < 2.49.4-bp150.3.3.1 opensuse-15 x86_64
Affected pkg:rpm/opensuse/seamonkey-translations-other?arch=aarch64&distro=opensuse-15&repo=suse-package-hub opensuse seamonkey-translations-other < 2.49.4-bp150.3.3.1 opensuse-15 aarch64
Affected pkg:rpm/opensuse/seamonkey-translations-common?arch=x86_64&distro=opensuse-15&repo=suse-package-hub opensuse seamonkey-translations-common < 2.49.4-bp150.3.3.1 opensuse-15 x86_64
Affected pkg:rpm/opensuse/seamonkey-translations-common?arch=aarch64&distro=opensuse-15&repo=suse-package-hub opensuse seamonkey-translations-common < 2.49.4-bp150.3.3.1 opensuse-15 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date