The developers have advised that all users should upgrade as soon as possible

Nov 9, 2011 15:55 GMT  ·  By

Red Hat Enterprise Linux 6.1, an enterprise Linux platform suited for a range of applications across the IT infrastructure, just got several importants security updates.

According to Red Hat developers, a flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy.

A second security update covers a cross-site scripting (XSS) flaw that was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website.

The third update refers to a flaw which was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox.

Mozilla Thunderbird is the object of the forth update. A flaw was found in the way Thunderbird handled large JavaScript scripts. Malicious, remote content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

The fifth and final update also covers Thunderbird. A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets.

The Red Hat Security Response Team has rated these updates as having moderate security impact, but nonetheless, everyone should install the updates as soon as possible.