The Mozilla SeaMonkey suite was updated to version 2.3.
The update fixes bugs and security issues. The following
security issues were fixed:
Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33):
http://www.mozilla.org/security/announce/2011/mfsa2011-33.html
Aral Yaman reported a WebGL crash which affected
SeaMonkey 2.2. (CVE-2011-2989)
Vivekanand Bolajwar reported a JavaScript crash which
affected SeaMonkey 2.2. (CVE-2011-2991)
Bert Hubert and Theo Snelleman of Fox-IT reported a crash
in the Ogg reader which affected SeaMonkey 2.2.
(CVE-2011-2992)
Mozilla developers and community members Robert Kaiser,
Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph
Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and
Jonathan Watt reported memory safety issues which affected
SeaMonkey 2.2. (CVE-2011-2985)
Rafael Gieschke reported that unsigned JavaScript could
call into script inside a signed JAR thereby inheriting the
identity of the site that signed the JAR as well as any
permissions that a user had granted the signed JAR.
(CVE-2011-2993)
Michael Jordon of Context IS reported that an overly long
shader program could cause a buffer overrun and crash in a
string class used to store the shader source code.
(CVE-2011-2988)
Michael Jordon of Context IS reported a potentially
exploitable heap overflow in the ANGLE library used by
Mozilla's WebGL implementation. (CVE-2011-2987)
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that an SVG text
manipulation routine contained a dangling pointer
vulnerability. (CVE-2011-0084)
Mike Cardwell reported that Content Security Policy
violation reports failed to strip out proxy authorization
credentials from the list of request headers. Daniel Veditz
reported that redirecting to a website with Content
Security Policy resulted in the incorrect resolution of
hosts in the constructed policy. (CVE-2011-2990)
nasalislarvatus3000 reported that when using Windows D2D
hardware acceleration, image data from one domain could be
inserted into a canvas and read by a different domain.
(CVE-2011-2986)