Tuesday, September 21, 2010

Thunderbird: Several dangling pointer vulnerabilities

Users of Thunderbird please be advised of a Several dangling pointer vulnerabilities that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
USN-978-2: [USN-978-2] Thunderbird regression

Original advisory details:



Several dangling pointer vulnerabilities were discovered in Thunderbird. An

attacker could exploit this to crash Thunderbird or possibly run arbitrary

code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,

CVE-2010-3167)



It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper

did not always honor the same-origin policy. If JavaScript was enabled, an

attacker could exploit this to run untrusted JavaScript from other domains.

(CVE-2010-2763)


Read more at www.criticalwatch.com
 
See this Amp at http://bit.ly/dhPFF4

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)