Bug 120962 - www/seamonkey needs updating to address security issues
Summary: www/seamonkey needs updating to address security issues
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-gnome (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-02-22 07:50 UTC by Jordan Gordeev
Modified: 2008-02-28 06:40 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jordan Gordeev 2008-02-22 07:50:00 UTC 
Seamonkey should be updated to version 1.1.8 to address the following security issues:
MFSA 2008-10  URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
Three of these are considered to have critical impact, one - high, two - moderate and two - low.

Fix: 

Update the port to version 1.1.8.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-02-22 07:50:06 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer freebsd_triage 2008-02-28 06:33:35 UTC 
mezz        2008-02-28 06:33:30 UTC

  FreeBSD ports repository

  Modified files:
    www/seamonkey        Makefile distinfo 
  Log:
  - Update to 1.1.8. [1]
  - Add "--with-default-mozilla-five-home=${PREFIX}/lib/${MOZILLA}" to fix other
    applications in the runtime. Some applications required to have set
    MOZILLA_FIVE_HOME or/and LD_LIBRARY_PATH to make it works in the runtime. Now,
    it's no longer need to set these variables, which this flag takes care of it.
    The MOZILLA_FIVE_HOME still works with this flag if someone need to use
    different one. I have learned about this flag from RPM, Debian, Gentoo ebuild
    and other packages. Have been tested in MC CVS since Dec.
  
  PR:             ports/120962 [1]
  Reminded by:    Jordan Gordeev <jgordeev@dir.bg> [1]
  Security:       - MFSA 2007-08 onUnload + document.write() memory corruption
                  - MFSA 2007-07 Embedded nulls in location.hostname confuse
                    same-domain checks
                  - MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2
                    buffer overflow
                  - MFSA 2007-05 XSS and local file access by opening blocked
                    popups
                  - MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
                  - MFSA 2007-03 Information disclosure through cache collisions
                  - MFSA 2007-02 Improvements to help protect against Cross-Site
                    Scripting attacks
                  - MFSA 2007-01 Crashes with evidence of memory corruption
                    (rv:1.8.0.10/1.8.1.2)
  
  Revision  Changes    Path
  1.274     +7 -5      ports/www/seamonkey/Makefile
  1.101     +3 -3      ports/www/seamonkey/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Jeremy Messenger freebsd_committer freebsd_triage 2008-02-28 06:33:53 UTC 
State Changed
From-To: open->closed

Committed, thanks for remind.