Note: This is an archival copy of Security Sun Alert 258748 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020452.1.
Solaris 10 Operating System
Date of Resolved Release
Multiple Security Vulnerabilities in Mozilla Thunderbird Versions Prior to 220.127.116.11 May Allow Execution of Arbitrary Code or Unauthorized Access to Data
Multiple security vulnerabilities in thunderbird(1) versions prior to 18.104.22.168 shipped with Solaris 10 may allow an unprivileged remote user to take any of the following actions:
- Execute arbitrary code on the system where thunderbird(1) is being run
- Gain unauthorized access to sensitive data
- Perform Cross-Site Scripting (XSS) attacks to bypass access controls
Certain vulnerabilities may also allow a user to crash the thunderbird(1) application, which is a type of Denial of Service (DoS).
The following URL provides additional details about the vulnerabilities addressed in Thunderbird versions prior to 22.214.171.124:
The following CVEs describe these issues in more detail:
CVE-2008-5500 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500
CVE-2008-5503 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503
CVE-2008-5506 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506
CVE-2008-5507 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507
CVE-2008-5508 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508
CVE-2008-5510 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510
CVE-2008-5511 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511
CVE-2008-5512 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512
2. Contributing Factors
These issues can occur in the following releases:
OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows:
$ uname -v3. Symptoms
There are no predictable symptoms that would indicate the described issues have been exploited.
1. Open the 'Preferences' dialog from the Edit menu.
2. Select the 'Advanced' tab
3. Select the 'General' tab.
4. Click on the 'Config Editor' button.
5. In the 'about:config' dialog that opens up, there will be a 'Filter' box.
7. Double click the property and set its value to 'false'.
These issues are addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment