| Description: |
Sun Microsystems has recently released Sun Alert 256408 - Solaris 10 - Vulnerabilities in Firefox May Allow Execution of Arbitrary Code. Multiple security vulnerabilities in firefox(1) versions prior to 2.0.0.19 shipped with Solaris 10 may allow an unprivileged remote user to execute arbitrary code on the system where firefox(1) is being run, gain unauthorized access to sensitive data, perform Cross-Site Scripting (XSS) attacks to bypass access controls, read or modify data in other web sites, or inject code into web pages to obtain sensitive data from the user or information stored in cookies. Certain vulnerabilities may also allow a user to crash the firefox(1) application which is a type of Denial of Service (DoS). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 256408 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-256408-1 This bulletin addresses the following CVEs. Descriptions are available at cve.mitre.org: CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811, CVE-2008-2785, CVE-2008-2933, CVE-2008-2934, CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4070, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5503, CVE-2008-5504, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008 |
