Mozilla SeaMonkey: Multiple vulnerabilities — GLSA 201701-35

Multiple vulnerabilities have been found in Mozilla SeaMonkey, the worst of which could lead to the remote execution of arbitrary code.

Affected Packages

www-client/seamonkey on all architectures
Affected versions < 2.46-r1
Unaffected versions >= 2.46-r1
www-client/seamonkey-bin on all architectures
Affected versions < 2.46
Unaffected versions >= 2.46

Background

Mozilla SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code.

Description

Multiple vulnerabilities have been discovered in Mozilla SeaMonkey. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla SeaMonkey users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.46-r1"
 

All Mozilla SeaMonkey-bin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.46"
 

References

Release Date
January 13, 2017

Latest Revision
January 13, 2017: 3

Severity
normal

Exploitable
remote

Bugzilla entries