Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- CRLF injection vulnerability in Mozilla Firefox 4.x
through 10.0, Firefox ESR 10.x before 10.0.3,
Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x
before 10.0.3, and SeaMonkey before 2.8 allows remote
web servers to bypass intended Content Security Policy
(CSP) restrictions and possibly conduct cross-site
scripting (XSS) attacks via crafted HTTP headers.
(CVE-2012-0451)

- Mozilla Firefox before 3.6.28 and 4.x through 10.0,
Firefox ESR 10.x before 10.0.3, Thunderbird before
3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before
10.0.3, and SeaMonkey before 2.8 do not properly
restrict drag-and-drop operations on javascript: URLs,
which allows user-assisted remote attackers to conduct
cross-site scripting (XSS) attacks via a crafted web
page, related to a 'DragAndDropJacking' issue.
(CVE-2012-0455)

- The SVG Filters implementation in Mozilla Firefox before
3.6.28 and 4.x through 10.0, Firefox ESR 10.x before
10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0,
Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before
2.8 might allow remote attackers to obtain sensitive
information from process memory via vectors that trigger
an out-of-bounds read. (CVE-2012-0456)

- Use-after-free vulnerability in the
nsSMILTimeValueSpec::ConvertBetweenTimeContainer
function in Mozilla Firefox before 3.6.28 and 4.x
through 10.0, Firefox ESR 10.x before 10.0.3,
Thunderbird before 3.1.20 and 5.0 through 10.0,
Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before
2.8 might allow remote attackers to execute arbitrary
code via an SVG animation. (CVE-2012-0457)

- Mozilla Firefox before 3.6.28 and 4.x through 10.0,
Firefox ESR 10.x before 10.0.3, Thunderbird before
3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before
10.0.3, and SeaMonkey before 2.8 do not properly
restrict setting the home page through the dragging of a
URL to the home button, which allows user-assisted
remote attackers to execute arbitrary JavaScript code
with chrome privileges via a javascript: URL that is
later interpreted in the about:sessionrestore context.
(CVE-2012-0458)

- The Cascading Style Sheets (CSS) implementation in
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x
before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird
ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows
remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code
via dynamic modification of a keyframe followed by
access to the cssText of the keyframe. (CVE-2012-0459)

- Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x
before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird
ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not
properly restrict write access to the window.fullScreen
object, which allows remote attackers to spoof the user
interface via a crafted web page. (CVE-2012-0460)

- Multiple unspecified vulnerabilities in the browser
engine in Mozilla Firefox before 3.6.28 and 4.x through
10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before
3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before
10.0.3, and SeaMonkey before 2.8 allow remote attackers
to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code
via unknown vectors. (CVE-2012-0461)

- Multiple unspecified vulnerabilities in the browser
engine in Mozilla Firefox 4.x through 10.0, Firefox ESR
10.x before 10.0.3, Thunderbird 5.0 through 10.0,
Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before
2.8 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly
execute arbitrary code via unknown vectors.
(CVE-2012-0462)

- Use-after-free vulnerability in the browser engine in
Mozilla Firefox before 3.6.28 and 4.x through 10.0,
Firefox ESR 10.x before 10.0.3, Thunderbird before
3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before
10.0.3, and SeaMonkey before 2.8 allows remote attackers
to execute arbitrary code via vectors involving an empty
argument to the array.join function in conjunction with
the triggering of garbage collection. (CVE-2012-0464)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?55b32ed8

Solution :

Upgrade to Solaris 11/11 SRU 8.5.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80785 ()

Bugtraq ID:

CVE ID: CVE-2012-0451
CVE-2012-0455
CVE-2012-0456
CVE-2012-0457
CVE-2012-0458
CVE-2012-0459
CVE-2012-0460
CVE-2012-0461
CVE-2012-0462
CVE-2012-0464

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now