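Vulnerability Details
Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200802-143
- Severity: Medium
- CVE ID: CVE-2008-0416
- Vulnerability type: Cross-site scripting
- Published: 2008-02-11
- Threat type: Remote
- Updated: 2009-03-13
- Vendor: mozilla
- Source: Alexey Proskuryako...
Vulnerability Summary
Mozilla Firefox, Thunderbird, and SeaMonkey contain multiple cross-site scripting vulnerabilities. Remote attackers can inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
Vulnerability Advisory
The vendor has released upgrade patches to fix this security issue. Patch download links: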
Mozilla Firefox 2.0 RC2
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla Firefox 2.0.0.10
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla SeaMonkey 1.1 beta
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla Firefox 2.0.0.10
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla Firefox 2.0.0.11
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla Firefox 2.0.0.2
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla SeaMonkey 1.0.1
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.0.2
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.0.7
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.0.8
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.0.9
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.0.99
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.1.3
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.1.4
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.1.5
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.1.6
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla SeaMonkey 1.1.7
Mozilla seamonkey-1.1.8.source.tar.gz
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.8/seamonkey-1.1.8.source.tar.gz
Mozilla Thunderbird 2.0 .4
Mozilla thunderbird 2.0.0.12
http://www.mozilla.com/en-US/thunderbird/all.HTML
Mozilla Firefox 2.0 .6
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla Firefox 2.0 .1
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla Thunderbird 2.0 .6
Mozilla thunderbird 2.0.0.12
http://www.mozilla.com/en-US/thunderbird/all.HTML
Mozilla Thunderbird 2.0 .9
Mozilla thunderbird 2.0.0.12
http://www.mozilla.com/en-US/thunderbird/all.HTML
Mozilla Firefox 2.0 .9
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla Thunderbird 2.0 8
Mozilla thunderbird 2.0.0.12
http://www.mozilla.com/en-US/thunderbird/all.HTML
Mozilla Thunderbird 2.0 .5
Mozilla thunderbird 2.0.0.12
http://www.mozilla.com/en-US/thunderbird/all.HTML
Mozilla Firefox 2.0 .5
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla Firefox 2.0 8
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
Mozilla Firefox 2.0 .7
Mozilla Mozilla Firefox Download
http://www.mozilla.com/en-US/Firefox/all.HTML
References
Source: US-CERT
Name: TA08-087A
Link: http://www.us-cert.gov/cas/techalerts/TA08-087A.HTML
Source: MISC
Link: https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252,381412,407161
Source: XF
Name: Firefox-character-encoding-xss(40488)
Link: http://xforce.iss.net/xforce/xfdb/40488
Source: UBUNTU
Name: USN-576-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-576-1
Source: TURBO
Name: TLSA-2008-9
Link: http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
Source: GENTOO
Name: GLSA-200805-18
Link: http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: VUPEN
Name: ADV-2008-2091
Link: http://www.frsirt.com/english/advisories/2008/2091/references
Source: VUPEN
Name: ADV-2008-1793
Link: http://www.frsirt.com/english/advisories/2008/1793/references
Source: DEBIAN
Name: DSA-1489
Link: http://www.debian.org/security/2008/dsa-1489
Source: DEBIAN
Name: DSA-1485
Link: http://www.debian.org/security/2008/dsa-1485
Source: DEBIAN
Name: DSA-1484
Link: http://www.debian.org/security/2008/dsa-1484
Source: SUNALERT
Name: 239546
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
Source: SUNALERT
Name: 238492
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: SECUNIA
Name: 31043
Link: http://secunia.com/advisories/31043
Source: SECUNIA
Name: 30620
Link: http://secunia.com/advisories/30620
Source: SECUNIA
Name: 28879
Link: http://secunia.com/advisories/28879
Source: SECUNIA
Name: 28865
Link: http://secunia.com/advisories/28865
Source: SECUNIA
Name: 28864
Link: http://secunia.com/advisories/28864
Source: SECUNIA
Name: 28839
Link: http://secunia.com/advisories/28839
Source: JVNDB
Name: JVNDB-2008-000021
Link: http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.HTML
Source: JVN
Name: JVN#21563357
Link: http://jvn.jp/en/jp/JVN21563357/index.HTML
Source: UBUNTU
Name: USN-592-1
Link: http://www.ubuntu.com/usn/usn-592-1
Source: BID
Name: 29303
Link: http://www.securityfocus.com/bid/29303
Source: www.mozilla.org
Link: http://www.mozilla.org/security/announce/2008/mfsa2008-13.HTML
Source: SECUNIA
Name: 30327
Link: http://secunia.com/advisories/30327
Source: SECUNIA
Name: 29541
Link: http://secunia.com/advisories/29541
Affected Entities
- Mozilla Firefox:2.0.0.11
- Mozilla Seamonkey:1.1.7
- Mozilla Thunderbird:2.0.0.11
Patch
None available