===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2008.0608
 [Solaris] Multiple Security Vulnerabilities in Solaris 10 Firefox may Allow
        Execution of Arbitrary Code and Access to Unauthorized Data
                               12 June 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Firefox
Publisher:            Sun Microsystems
Operating System:     Solaris
Impact:               Execute Arbitrary Code/Commands
                      Access Confidential Data
                      Read-only Data Access
                      Cross-site Scripting
                      Denial of Service
                      Inappropriate Access
                      Provide Misleading Information
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-1380 CVE-2008-1241 CVE-2008-1240 CVE-2008-1238
                      CVE-2008-1237 CVE-2008-1236 CVE-2008-1235 CVE-2008-1234
                      CVE-2008-1233 CVE-2008-1195 CVE-2008-0594 CVE-2008-0593
                      CVE-2008-0592 CVE-2008-0591 CVE-2008-0420 CVE-2008-0419
                      CVE-2008-0418 CVE-2008-0417 CVE-2008-0416 CVE-2008-0415
                      CVE-2008-0414 CVE-2008-0413 CVE-2008-0412 CVE-2007-4879
Ref:                  AL-2008.0014 ESB-2008.0324

Original Bulletin:
  http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238492-1

--------------------------BEGIN INCLUDED TEXT--------------------

Solution Type: Sun Alert

Solution 238492 : Multiple Security Vulnerabilities in Solaris 10 Firefox may
Allow Execution of Arbitrary Code and Access to Unauthorized Data

Bug ID: 6663845, 6681417, 6695896

Product
Firefox v2.0, Solaris 10 Operating System

Date of Resolved Release: 09-Jun-2008

SA Document Body

Multiple security vulnerabilities in the firefox(1) application (see below for
details)

1. Impact

Multiple security vulnerabilities in the firefox(1) application shipped with
Solaris 10 may allow a local or remote unprivileged user to execute arbitrary
code on a remote machine with the privileges of a local user, trick local users
into confirming an unsafe action such as remote file execution, gain access to
unauthorised data, cause the firefox(1) application to crash, or conduct
Cross-Site Scripting (XSS) attacks on sites which allow users to upload
pictures, archives, or other files. The ability to crash the firefox(1)
application is a type of Denial of Service (DoS).

The following Mozilla advisories describe the vulnerabilities:

http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
http://www.mozilla.org/security/announce/2008/mfsa2008-02.html
http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
http://www.mozilla.org/security/announce/2008/mfsa2008-04.html
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
http://www.mozilla.org/security/announce/2008/mfsa2008-06.html
http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
http://www.mozilla.org/security/announce/2008/mfsa2008-08.html
http://www.mozilla.org/security/announce/2008/mfsa2008-09.html
http://www.mozilla.org/security/announce/2008/mfsa2008-10.html
http://www.mozilla.org/security/announce/2008/mfsa2008-11.html
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
http://www.mozilla.org/security/announce/2008/mfsa2008-15.html
http://www.mozilla.org/security/announce/2008/mfsa2008-16.html
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
http://www.mozilla.org/security/announce/2008/mfsa2008-20.html

Additional references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
http://www.kb.cert.org/vuls/id/309608
http://www.kb.cert.org/vuls/id/879056
http://www.kb.cert.org/vuls/id/466521

2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform

    * Firefox 2.0 for Solaris 10 without patch 125539-04
    * OpenSolaris based upon builds snv_88 or earlier

x86 Platform

    * Firefox 2.0 for Solaris 10 without patch 125540-04
    * OpenSolaris based upon builds snv_88 or earlier

Note: Solaris 8 and Solaris 9 do not ship Firefox and hence are not affected
by these issues.

Note: OpenSolaris distributions may include additional bug fixes above and
beyond the build from which they were derived.
The base build can be derived as follows:

    $ uname -a
    SunOS hostname 5.11 snv_86 i86pc i386 i86pc

3. Symptoms

There are no predictable symptoms that would indicate the described issues
have been exploited.

4. Workaround

To work around the issues described in CVE-2008-0412, CVE-2008-0413,
CVE-2008-0415, CVE-2008-0416, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591,
CVE-2008-0593, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236,
CVE-2008-1237, CVE-2008-1238, CVE-2007-4879, CVE-2008-1195, CVE-2008-1240,
CVE-2008-1241 and CVE-2008-1380, disable JavaScript by doing the following:

    1. Open the "Preferences" dialog from the Edit menu
    2. Select the "Content" tab
    3. Uncheck the "Enable JavaScript" check box

To work around the issues described in CVE-2008-0417, do not ask Firefox to
save passwords on untrusted sites.

To work around the issues described in CVE-2008-0418, disable "flat-packaged"
add-ons.

5. Resolution

These issues are addressed in the following releases:

SPARC Platform

    * Solaris 10 with patch 125539-04 or later
    * OpenSolaris based upon builds snv_89 or later

x86 Platform

    * Solaris 10 with patch 125540-04 or later
    * OpenSolaris based upon builds snv_89 or later

For more information on Security Sun Alerts, see Technical Instruction
ID 213557:
http://sunsolve.sun.com/search/document.do?assetkey=1-61-213557-1

This Sun Alert notification is being provided to you on an "AS IS" basis.
This Sun Alert notification may contain information provided by third
parties. The issues described in this Sun Alert notification may or may not
impact your system(s). Sun makes no representations, warranties, or
guarantees as to the information contained herein. ANY AND ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE
HEREBY DISCLAIMED.
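The affected and fixed ranges given in sections 2 and 5 (patch 125539-04 / 125540-04 on Solaris 10, build snv_89 on OpenSolaris) can be checked mechanically on each host. The script below is an added example and is not part of the Sun Alert or the AusCERT bulletin; it assumes the "showrev -p" line format noted in its header comment, and the sample `uname -a` and `showrev -p` output embedded in it is constructed.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert or the AusCERT bulletin: check the
# affected/fixed ranges from sections 2 and 5. The parsers take command output
# as an argument so they run offline on the constructed samples below; on a
# Solaris host call check_live_host. Assumes "showrev -p" prints one line per
# installed patch as "Patch: <id>-<rev> Obsoletes: ... Packages: ...".
# Constructed samples (not captured from a real host)
SAMPLE_UNAME='SunOS hostname 5.11 snv_86 i86pc i386 i86pc'
SAMPLE_SHOWREV='Patch: 100000-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 125539-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWfirefox
Patch: 125539-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWfirefox'

# opensolaris_affected "<uname -a output>": 0 = snv_88 or earlier (affected),
# 1 = snv_89 or later, 2 = no snv_ build number in the string
opensolaris_affected() {
    build=$(printf '%s\n' "$1" | sed -n 's/.*snv_\([0-9][0-9]*\).*/\1/p')
    [ -n "$build" ] || return 2
    [ "$build" -le 88 ]
}

# solaris10_affected "<sparc|i386>" "<showrev -p output>": 0 = patch 125539-04
# (SPARC) / 125540-04 (x86) or later is missing, 1 = installed, 2 = unknown arch
solaris10_affected() {
    case "$1" in
        sparc)    base=125539 ;;
        i386|x86) base=125540 ;;
        *)        return 2 ;;
    esac
    # highest installed revision of that patch id, e.g. "04"; empty if absent
    rev=$(printf '%s\n' "$2" \
        | sed -n "s/^Patch: ${base}-\([0-9][0-9]*\) .*/\1/p" | sort -n | tail -1)
    [ -n "$rev" ] || return 0
    [ "$rev" -lt 4 ]
}

# Run on the host itself: combine both checks into one verdict on stdout.
check_live_host() {
    u=$(uname -a)
    if opensolaris_affected "$u"; then
        echo "AFFECTED: $u is snv_88 or earlier; needs snv_89 or later"
    elif [ "$(uname -r)" = 5.10 ] && command -v showrev >/dev/null 2>&1; then
        if solaris10_affected "$(uname -p)" "$(showrev -p)"; then
            echo "AFFECTED: Firefox patch 125539-04 / 125540-04 or later missing"
        else
            echo "OK: required Firefox patch revision is installed"
        fi
    else
        echo "Not affected or not applicable: $u"
    fi
}
```

A host with no Firefox package installed also reports the patch as missing, so confirm the package is present before treating that verdict as actionable.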
BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL
DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION
CONTAINED HEREIN.

This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of your
agreement to purchase services from Sun, or, if you do not have such an
agreement, the Sun.com Terms of Use. This Sun Alert notification may only be
used for the purposes contemplated by these agreements.

Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
CA 95054 U.S.A. All rights reserved.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================