Product: Solaris 10 Operating System, OpenSolaris

Multiple security vulnerabilities in Adobe Flash Player 9.0.159.0 and earlier 9.x versions and 10.0.22.87 and earlier 10.x versions may allow remote unprivileged users to execute arbitrary code with the privileges of a local user on the system or to cause Adobe Flash Player to crash, which is a type of Denial of Service (DoS).

Also, a clickjacking vulnerability in the Adobe Flash Player may allow a remote user to trick a user into selecting a link or completing a dialog.

In addition, a local sandbox vulnerability in the Adobe Flash Player may allow a remote user to obtain sensitive information via vectors involving saving a malicious SWF file to a hard drive.

These issues are also described in the following documents:
APSA09-03 at: http://www.adobe.com/support/security/advisories/apsa09-03.html
APSB09-10 at: http://www.adobe.com/support/security/bulletins/apsb09-10.html
CVE-2009-1862 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862
CVE-2009-1864 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1864
CVE-2009-1865 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1865
CVE-2009-1866 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1866
CVE-2009-1867 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1867
CVE-2009-1868 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1868
CVE-2009-1869 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1869
CVE-2009-1870 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1870
State: Resolved
First released: 21-Aug-2009

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

A security vulnerability in the Solaris XScreenSaver (see xscreensaver(1)) program may allow popup windows to appear through the lock screen and expose sensitive data. An example application affected by this issue is Thunderbird, which notifies users about new mail through popup windows.

State: Resolved
First released: 07-Apr-2009

Product:
State: Resolved
First released: 11-Feb-2003

Product: Solaris 8 Operating System, Solaris 9 Operating System

A security vulnerability in the Solaris print service (see in.lpd(1M)) may allow a local or remote unprivileged user to cause the system to slow down and become unresponsive. This is a type of Denial of Service (DoS).

State: Resolved
First released: 25-Aug-2009

Product: Solaris 10 Operating System, OpenSolaris

A security vulnerability in Solaris pollwakeup(9F) may allow a local unprivileged user to panic the system and thereby cause a denial of service.

Sun acknowledges, with thanks, Jason Hoos for bringing this issue to our attention.


State: Resolved
First released: 21-Aug-2009

Product: OpenSolaris

Multiple security vulnerabilities with varying impacts affect Firefox (see firefox(1)) versions prior to 3.5.2 as shipped with OpenSolaris. These vulnerabilities may allow an unprivileged remote user to execute arbitrary code on the system where Firefox is being run or to crash the Firefox application, which is a type of Denial of Service (DoS).

The following URL provides additional details about the vulnerabilities addressed in Firefox versions 3.5.1 and 3.5.2:


The following Mozilla advisories describe the vulnerabilities:


The following are the CVE identifiers that pertain to this security issue:


State: Resolved
First released: 21-Aug-2009

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

A security vulnerability in the DNS protocol may allow remote unprivileged users to cause named(1M) to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services.

This issue is also referenced in the following documents:


State: Resolved
First released: 08-Jul-2008

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

Multiple integer overflow vulnerabilities in the libtiff(3) image conversion tools 'tiff2rgba' and 'rgb2ycbcr' may allow a local or remote unprivileged user to execute arbitrary code via a TIFF image with large width and height values.

This issue is also described in the following document:


State: Workaround
First released: 14-Aug-2009

Product: Sun Fire 3800 Server, Sun Fire 4800 Server, Sun Fire 4810 Server, Sun Fire 6800 Server, Sun Fire E2900 Server, Sun Fire E4900 Server, Sun Fire E6900 Server, Sun Fire V1280 Server, Netra 1280 Server, Sun Netra 1290 Server

An IP(7P) spoofing security vulnerability in the firmware of certain Mid-range Sun Fire Servers may allow a remote privileged/unprivileged user to gain unauthorized access to the System Controller (SC). Such users may also gain access to the system console and possibly the host operating system running on these servers. This may allow such users to power off or reset the system, which is a type of Denial of Service (DoS).

State: Resolved
First released: 12-Dec-2008

Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

A security vulnerability in the Solaris sendfile(3EXT) and sendfilev(3EXT) extended library functions may allow a local unprivileged user to panic the system, causing a Denial of Service (DoS).
State: Resolved
First released: 18-Aug-2009

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

A security vulnerability in the Solaris kernel related to the interaction of the filesystem and virtual memory subsystems may allow a local unprivileged user to cause the system to slow down and eventually cease operating, thereby resulting in a Denial of Service (DoS).

State: Resolved
First released: 17-Aug-2009

Product: Sun Fire V215 Server

On Sun Fire V215 servers with XVR-100 graphic cards and certain system board revisions, a security vulnerability in the system board firmware may allow a local or remote unprivileged user to panic the system and thereby cause a Denial of Service (DoS).
State: Resolved
First released: 13-Jul-2009

Product: Sun Virtual Desktop Infrastructure

A security vulnerability in Sun Virtual Desktop Infrastructure (VDI) Software 3.0 may allow a remote privileged user to view client LDAP requests for VDI configuration data.

State: Resolved
First released: 14-Aug-2009

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

Multiple security vulnerabilities have been found in libtiff(3), a library for reading and writing Tag Image File Format (TIFF) files. These vulnerabilities may allow a local or remote unprivileged user to create a carefully crafted LZW-encoded TIFF file that may cause an application linked with libtiff(3) to crash or possibly execute arbitrary code.

These issues are also described in the following document:

CVE-2008-2327 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
State: Workaround
First released: 03-Aug-2009

Product: Solaris 10 Operating System, OpenSolaris

A security vulnerability involving xscreensaver(1) and Assistive Technology Support may allow a local user with physical access to a system to unlock an X display which has been locked using xscreensaver(1) and thus gain unauthorized access to the system.
State: Resolved
First released: 11-Aug-2009