Note: This is an archival copy of Security Sun Alert 239546 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019430.1.
Article ID : 1019430.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities in Thunderbird for Solaris May Result in Privilege Escalation or Cross-Site Scripting (XSS)

Category
Security

Release Phase
Resolved

Bug Id
6689244, 6701932

Product
Solaris 10 Operating System
OpenSolaris

Date of Resolved Release
10-Jul-2008

Security Vulnerabilities in Thunderbird for Solaris May Result in Privilege Escalation or Cross-Site Scripting (XSS)

1. Impact

Multiple security vulnerabilities in the thunderbird(1) application shipped with Solaris 10 may allow remote unprivileged users to execute arbitrary code with the privileges of the current user or cause Cross-site Scripting (XSS) risks on sites.

The following Mozilla advisories describe the vulnerabities:


Additional references:

CVE-2008-0412 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
CVE-2008-0413 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
CVE-2008-0415 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
CVE-2008-0418 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
CVE-2008-0304 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
CVE-2008-0416 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416
CVE-2008-1233 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
CVE-2008-1234 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
CVE-2008-1235 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
CVE-2008-1236 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
CVE-2008-1237 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237

2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform
  • Thunderbird 2.0 for Solaris 10 without patch 125541-03
  • OpenSolaris based upon builds snv_89 or earlier
x86 Platform
  • Thunderbird 2.0 for Solaris 10 without patch 125542-03
  • OpenSolaris based upon builds snv_89 or earlier

Note: Solaris 8 and Solaris 9 do not ship Thunderbird and therefore are not affected by these issues.

OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows:  

$uname -a
SunOS hostname 5.11 snv_86 i86pc i386 i86pc

3. Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.

4. Workaround

To work around the issues described in MFSA 2008-01, MFSA 2008-03, MFSA 2008-13, MFSA 2008-14 and MFSA 2008-15, disable JavaScript by doing the following:
1. Open the 'Preferences' dialog from the Edit menu.
2. Select the 'Advanced' tab
3. Select the 'General' tab.
4. Click on the 'Config Editor' button.
5. In the 'about:config' dialog that opens up, there will be a 'Filter' box.
6. Type 'javascript.allow.mailnews' in the Filter box.
7. Double click the property and set its value to 'false'.

To work around the issue described in MFSA 2008-05, disable "flat-packaged" add-ons.

To work around the issue described in MFSA 2008-12, set the "mailnews.display.disallow_mime_handlers" property to any value greater than or equal to `3' by doing the following:
  1. From the menu, go to Edit->Preferences->Advanced->Config Editor
  2. Type the property name into the Filter box (mailnews.display.disallow_mime_handlers)
  3. Right click and set its value to 3

5. Resolution

These issues are addressed in the following releases:

SPARC Platform
  • Thunderbird 2.0 for Solaris 10 with patch 125541-03 or later
  • OpenSolaris based upon builds snv_90 or later
x86 Platform
  • Thunderbird 2.0 for Solaris 10 with patch 125542-03 or later
  • OpenSolaris based upon builds snv_90 or later


For more information on Security Sun Alerts, see 1009886.1.


This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


Modification History
31-Jul-2008: Updated Workaround section


References
 125541-03

 125542-03



                          



Attachments
This solution has no attachment