Sun Alert 269468 Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution

font size: decrease font size increase font size
Rate this article
View Comments

Product: Solaris 10 Operating System OpenSolarisSecurity vulnerabilities in thunderbird(1) related to handling of SSL server certificates may allow remote SSL servers with crafted server certificates to compromise an encrypted communication or cause arbitrary code execution with the privileges of a Thunderbird user. The following Mozilla advisories describe the vulnerabilities:http://www.mozilla.org/security/announce/2009/mfsa2009-42.html http://www.mozilla.org/security/announce/2009/mfsa2009-43.html Additional references: CVE-2009-2404 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 CVE-2009-2408 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 State: PreliminaryFirst released: 09-Oct-2009Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1

Product: Solaris 10 Operating System OpenSolaris

Security vulnerabilities in thunderbird(1) related to handling of SSL server certificates
may allow remote SSL servers with crafted server certificates to compromise an encrypted
communication or cause arbitrary code execution with the privileges of a Thunderbird user.

The following Mozilla advisories describe the vulnerabilities:
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html

http://www.mozilla.org/security/announce/2009/mfsa2009-43.html

Additional references:

CVE-2009-2404 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404

CVE-2009-2408 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408

State: Preliminary

First released: 09-Oct-2009

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1

Read Full Article

Written on Thursday, 08 October 2009 19:00 by GSO

Viewed 13 times so far.
Like this? Tweet it to your followers!

Published in Subscribe to the RSS feed of Network Security & Hacking News Network Security & Hacking News / Subscribe to the RSS feed of Global Security News Global Security News

Like this? Let your friends know now!

Rate this article

Latest articles from GSO

Bugtraq: Re: /proc filesystem allows bypassing directory permissions on Linux posted on Monday, 29 November 1999 16:00
Re: /proc filesystem allows bypassing directory permissions on Linux
Vuln: IBM Lotus Connections Mobile Activities Pages Cross Site Scripting Vulnerability posted on Monday, 26 October 2009 12:00
IBM Lotus Connections Mobile Activities Pages Cross Site Scripting Vulnerability
Bugtraq: Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow. posted on Monday, 29 November 1999 16:00
Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow.
Bugtraq: Rising Multiple Products Local Privilege Escalation Vulnerability posted on Monday, 29 November 1999 16:00
Rising Multiple Products Local Privilege Escalation Vulnerability
Bugtraq: {PRL} Rising Firewall 2009 Privilege Escalation posted on Monday, 29 November 1999 16:00
{PRL} Rising Firewall 2009 Privilege Escalation

Latest 'tweets' from GovernmentSecurity

GovernmentSecurity.org has started an IdeaScale Community - http://gso.ideascale.com - Join now and let us know what you want to see on GSO Link Friday, 05 March 2010 12:27
News Update: GSO Management - GovernmentSecurity.org Privacy Policy: GSO Manageme.. http://bit.ly/brrB3X | #Security Link Wednesday, 27 January 2010 10:17
Blog Update: Main Site Alternate Colors: As many of you have noticed we recently launch.. http://bit.ly/4xdQhh | #Security Link Tuesday, 19 January 2010 08:51
New Article: Netgear Router Hack Pt. 1 by Kenny: Hello all Kenny from GSO create this d.. http://bit.ly/5xwvtP | #Security Link Tuesday, 01 December 2009 15:09
News Update: Netgear Router Hack Pt. 1 by Kenny: Hello all Kenny from GSO Admin here sh.. http://bit.ly/8fLBD5 | #Security Link Tuesday, 01 December 2009 14:34

Rate this article

Latest articles from GSO

Latest 'tweets' from GovernmentSecurity

Our Sponsors

Member Login

Security Forums

Security Articles

Hacking News

Info Security

Tech Blog

GSO Menu