X

The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 103177 Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data

Guest Author
Product: Firefox 2.0, Solaris 10 Operating System

Multiple security vulnerabilities in the Firefox and Thunderbird applications shipped with Solaris 10 may allow local and remote unprivileged users to inject arbitrary URLs into affected web pages, execute arbitrary code on a remote machine, gain access to unauthorized data or cause a Denial of Service (DoS).

The following Mozilla advisories describe the vulnerabilities:

http://www.mozilla.org/security/announce/2007/mfsa2007-18.html

http://www.mozilla.org/security/announce/2007/mfsa2007-19.html

http://www.mozilla.org/security/announce/2007/mfsa2007-20.html

http://www.mozilla.org/security/announce/2007/mfsa2007-21.html

http://www.mozilla.org/security/announce/2007/mfsa2007-22.html

http://www.mozilla.org/security/announce/2007/mfsa2007-24.html

http://www.mozilla.org/security/announce/2007/mfsa2007-25.html

http://www.mozilla.org/security/announce/2007/mfsa2007-26.html

http://www.mozilla.org/security/announce/2007/mfsa2007-27.html

http://www.mozilla.org/security/announce/2007/mfsa2007-28.html

http://www.mozilla.org/security/announce/2007/mfsa2007-29.html

http://www.mozilla.org/security/announce/2007/mfsa2007-30.html

http://www.mozilla.org/security/announce/2007/mfsa2007-31.html

http://www.mozilla.org/security/announce/2007/mfsa2007-32.html

http://www.mozilla.org/security/announce/2007/mfsa2007-33.html

http://www.mozilla.org/security/announce/2007/mfsa2007-34.html

http://www.mozilla.org/security/announce/2007/mfsa2007-35.html

Additional references:

CERT Technical Cyber Security Alert TA07-199A at http://www.us-cert.gov/cas/techalerts/TA07-199A.html

US-CERT VU#143297 at http://www.kb.cert.org/vuls/id/143297

US-CERT VU#783400 at http://www.kb.cert.org/vuls/id/783400

US-CERT VU#403150 at http://www.kb.cert.org/vuls/id/403150

Avoidance: Patch, Workaround
State: Workaround
First released: 18-Dec-2007

Join the discussion

Comments ( 1 )
  • Security Guard Sunday, December 23, 2007

    Very Useful

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.