Product: Firefox 2.0, Solaris 10 Operating System, OpenSolaris

Multiple security vulnerabilities in firefox(1) versions prior to 2.0.0.19 shipped with Solaris 10 may allow an unprivileged remote user to execute arbitrary code on the system where firefox(1) is being run, gain unauthorized access to sensitive data, perform Cross-Site Scripting (XSS) attacks to bypass access controls, read or modify data in other web sites, or inject code into web pages to obtain sensitive data from the user or information stored in cookies.

Certain vulnerabilities may also allow a user to crash the firefox(1) application, which is a type of Denial of Service (DoS).

The following URL provides additional details about the vulnerabilities addressed in Firefox versions prior to 2.0.0.19:

http://www.mozilla.org/security/known-vulnerabilities/firefox20.html

The following CVEs correspond to the Mozilla Foundation Security Advisories referenced in the above URL for Firefox versions 2.0.0.15 through 2.0.0.19:

CVE-2008-2800  CVE-2008-2801  CVE-2008-2802  CVE-2008-2803  CVE-2008-2805
CVE-2008-2807  CVE-2008-2808  CVE-2008-2809  CVE-2008-2811  CVE-2008-2785 
CVE-2008-2933  CVE-2008-2934  CVE-2008-0016  CVE-2008-3835  CVE-2008-3836 
CVE-2008-3837  CVE-2008-4058  CVE-2008-4059  CVE-2008-4060  CVE-2008-4061 
CVE-2008-4062  CVE-2008-4063  CVE-2008-4064  CVE-2008-4065  CVE-2008-4066 
CVE-2008-4067  CVE-2008-4068  CVE-2008-4069  CVE-2008-4070  CVE-2008-4582 
CVE-2008-5012  CVE-2008-5013  CVE-2008-5014  CVE-2008-5015  CVE-2008-5016 
CVE-2008-5017  CVE-2008-5018  CVE-2008-5019  CVE-2008-0017  CVE-2008-5021 
CVE-2008-5022  CVE-2008-5023  CVE-2008-5024  CVE-2008-5500  CVE-2008-5501 
CVE-2008-5502  CVE-2008-5503  CVE-2008-5504  CVE-2008-5505  CVE-2008-5506 
CVE-2008-5507  CVE-2008-5508  CVE-2008-5510  CVE-2008-5511  CVE-2008-5512 
CVE-2008-5513


State: Resolved
First released: 07-Apr-2009