Security update for seamonkey SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0636-1 Final 1 1 2015-03-23T16:35:15Z current 2015-03-23T16:35:15Z 2015-03-23T16:35:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for seamonkey SeaMonkey was updated to 2.33.1 to fix several vulnerabilities. The following vulnerabilities were fixed: * Privilege escalation through SVG navigation (CVE-2015-0818) * Code execution through incorrect JavaScript bounds checking elimination (CVE-2015-0817) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html E-Mail link for openSUSE-SU-2015:0636-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings seamonkey-2.33.1-53.1 seamonkey-dom-inspector-2.33.1-53.1 seamonkey-irc-2.33.1-53.1 seamonkey-translations-common-2.33.1-53.1 seamonkey-translations-other-2.33.1-53.1 The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. CVE-2015-0817 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html https://www.suse.com/security/cve/CVE-2015-0817.html CVE-2015-0817 https://bugzilla.suse.com/923495 SUSE Bug 923495 https://bugzilla.suse.com/923534 SUSE Bug 923534 Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. CVE-2015-0818 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html https://www.suse.com/security/cve/CVE-2015-0818.html CVE-2015-0818 https://bugzilla.suse.com/923495 SUSE Bug 923495 https://bugzilla.suse.com/923534 SUSE Bug 923534