Note: This is an archival copy of Security Sun Alert 255308 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020273.1.
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
A Security Vulnerability May Allow Popup Windows to Appear Through the Solaris XScreenSaver Program
A security vulnerability in the Solaris XScreenSaver (see xscreensaver(1)) program may allow popup windows to appear through the lock screen and expose sensitive data. An example application affected by this issue is Thunderbird, which notifies users about new mail through popup windows.
2. Contributing Factors
This issue can occur in the following releases:
$ uname -vSystems are only impacted by this issue of they have the package SUNWxwsvr installed. To determine if this package is installed, the following command can be run:
$ pkginfo SUNWxwsvr
There are no predictable symptoms that would indicate the described vulnerability has been exploited to reveal sensitive information.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Note: The resolution patches for this issue have caused a regression
(BugID 6839026) for systems with Accessibility enabled or with Trusted extensions
Please see Sun Alert 266469 for more details at
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
14-Aug-2009: Updated Contributing Factors and Resolution sections; Resolved
27-Aug-2009: Updated Resolution section with additional Note for patches
This solution has no attachment