Bug 19749

Summary: multiple vulnerabilities, MFSA 2009-16..22
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: seamonkey Assignee: Andrey Cherepanov <cas>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: cas, mike
Version: unstable   
Hardware: all   
OS: Linux   
URL: http://secunia.com/advisories/34835

Description Vladimir Lettiev 2009-04-24 01:44:21 MSD
Multiple vulnerabilities have been discovered in the 1.1.x branch
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI

No official fix has been released yet.
Comment 1 Damir Shayhutdinov 2009-06-27 07:31:51 MSD
The following vulnerabilities were fixed in 1.1.17:

MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme

Apparently, not all of them are relevant to seamonkey.
Comment 2 Vladimir Lettiev 2009-06-28 22:24:02 MSD
They are relevant to seamonkey, they simply were not fixed.