Redhat Security update Fixes Thunderbird Code Execution Vulnerabilities

Redhat Security update Fixes Thunderbird Code Execution Vulnerabilities

Rated as : Critical Remotely Exploitable : YesLocally Exploitable : YesRelease Date : 2008-04-03

Multiple vulnerabilities have been identified in various Redhat products, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise an affected system. These issues are caused by errors in Thunderbird. For additional information, see : FrSIRT/ADV-2008-0999ChangeLog2008-04-03 : Initial release

************   Title : Mozilla Thunderbird Code Execution and Cross Site Scripting IssuesAdvisory ID : FrSIRT/ADV-2008-0999Rated as : Critical Remotely Exploitable : YesLocally Exploitable : YesRelease Date : 2008-03-26  Multiple vulnerabilities have been identified in Mozilla Thunderbird, which could be exploited by attackers to bypass security restrictions, execute arbitrary scripting code, cause a denial of service or take complete control of an affected system.The first issue is caused by an error in the handling of "XPCNativeWrappers", which could be exploited by attackers to execute arbitrary code by calling "setTimeout()".The second vulnerability is caused by input validation errors when handling JavaScript, which could be exploited to execute arbitrary scripting code.The third issue is caused by memory corruption errors in the layout and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.CreditsVulnerabilities reported by moz_bug_r_a4, Boris Zbarsky, Johnny Stenback, Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett, Mats Palmgren, georgi, tgirmann, and Igor Bukanov.ChangeLog2008-03-25 : Initial release

Döküman Arama

Başlık :

Kapat