Security vulnerabilities were found in the functions "ReplaceItem", "Array.reduceRight", "AppendElement" and "nsXULCommandDispatcher". Improper handling of cookies was also found.
Impact:
An attacker can exploit them for a DoS (Denial of Service) attack, execution of malicious code, or bypassing of imposed restrictions.
Solution:
Users are encouraged to install the patched versions.
Oracle Solaris Thunderbird Multiple Vulnerabilities
Secunia Advisory SA47636
Release Date 2012-01-19
Criticality level Highly critical
Impact Security Bypass
System access
Where From remote
Solution Status Vendor Patch
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
Operating System
Oracle Solaris 11 Express
Sun Solaris 10.x
CVE Reference(s) CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2377
Description
Oracle has acknowledged multiple vulnerabilities in Thunderbird included in Solaris, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
For more information:
SA44982
Solution
Apply patches.
Original Advisory
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird1