漏洞信息详情

Mozilla Firefox 函数setTimeout 权限提升漏洞

• CNNVD编号：CNNVD-200907-326
• 危害等级： 超危
  
• CVE编号： CVE-2009-2471
• 漏洞类型： 其他
• 发布时间： 2009-05-07
• 威胁类型： 远程
• 更新时间： 2009-08-11
• 厂        商： mozilla
• 漏洞来源： moz_bug_r_a4 moz_b...

漏洞简介

Firefox是Mozilla所发布的开源WEB浏览器。

Mozilla Firefox 函数setTimeout 存在权限提升漏洞。在使用某些对象参数调用setTimeout()时的错误可能导致对象失去其wrapper，攻击者可以以CMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chrome权限执行任意Javascript代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

S.u.S.E. openSUSE 10.3

S.u.S.E. mozilla-xulrunner190-1.9.0.12-1.1.i586.rpm

http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -1.9.0.12-1.1.i586.rpm

S.u.S.E. mozilla-xulrunner190-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- 1.9.0.12-1.1.ppc.rpm

S.u.S.E. mozilla-xulrunner190-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-32bit-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-32bit-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-64bit-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- 64bit-1.9.0.12-1.1.ppc.rpm

S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.12-1.1.i586.rpm

http://download.opensuse.org/debug/update/11.0/rpm/i586/mozilla-xulrun ner190-debuginfo-1.9.0.12-1.1.i586.rpm

S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/debug/update/11.0/rpm/ppc/mozilla-xulrunn er190-debuginfo-1.9.0.12-1.1.ppc.rpm

S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/debug/update/11.0/rpm/x86_64/mozilla-xulr unner190-debuginfo-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.12-1.1.i586.rpm

http://download.opensuse.org/debug/update/11.0/rpm/i586/mozilla-xulrun ner190-debugsource-1.9.0.12-1.1.i586.rpm

S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/debug/update/11.0/rpm/ppc/mozilla-xulrunn er190-debugsource-1.9.0.12-1.1.ppc.rpm

S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/debug/update/11.0/rpm/x86_64/mozilla-xulr unner190-debugsource-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-devel-1.9.0.12-1.1.i586.rpm

http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -devel-1.9.0.12-1.1.i586.rpm

S.u.S.E. mozilla-xulrunner190-devel-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- devel-1.9.0.12-1.1.ppc.rpm

S.u.S.E. mozilla-xulrunner190-devel-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-devel-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.12-1.1.i586.rpm

http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -gnomevfs-1.9.0.12-1.1.i586.rpm

S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- gnomevfs-1.9.0.12-1.1.ppc.rpm

S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-gnomevfs-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-gnomevfs-32bit-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-gnomevfs-32bit-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-gnomevfs-64bit-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- gnomevfs-64bit-1.9.0.12-1.1.ppc.rpm

S.u.S.E. mozilla-xulrunner190-translations-1.9.0.12-1.1.i586.rpm

http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -translations-1.9.0.12-1.1.i586.rpm

S.u.S.E. mozilla-xulrunner190-translations-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- translations-1.9.0.12-1.1.ppc.rpm

S.u.S.E. mozilla-xulrunner190-translations-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-translations-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-translations-32bit-1.9.0.12-1.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-translations-32bit-1.9.0.12-1.1.x86_64.rpm

S.u.S.E. mozilla-xulrunner190-translations-64bit-1.9.0.12-1.1.ppc.rpm

http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- transl

参考网址

来源: VUPEN

名称: ADV-2009-1972

链接:http://www.vupen.com/english/advisories/2009/1972

来源: BID

名称: 35758

链接:http://www.securityfocus.com/bid/35758

来源: SECUNIA

名称: 35944

链接:http://secunia.com/advisories/35944

来源: FEDORA

名称: FEDORA-2009-7961

链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.HTML

来源: bugzilla.mozilla.org

链接:https://bugzilla.mozilla.org/show_bug.cgi?id=460882

来源: www.mozilla.org

链接:http://www.mozilla.org/security/announce/2009/mfsa2009-39.HTML

来源: SECUNIA

名称: 36145

链接:http://secunia.com/advisories/36145

来源: SECUNIA

名称: 36005

链接:http://secunia.com/advisories/36005

来源: SECUNIA

名称: 35914

链接:http://secunia.com/advisories/35914

来源: REDHAT

名称: RHSA-2009:1162

链接:http://rhn.redhat.com/errata/RHSA-2009-1162.HTML

来源: SUSE

名称: SUSE-SA:2009:042

链接:http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.HTML

来源: SUSE

名称: SUSE-SA:2009:039

链接:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.HTML

受影响实体

• Mozilla Firefox:3.0:Beta2  
• Mozilla Firefox:3.0:Beta5  
• Mozilla Firefox:3.0:Alpha  
• Mozilla Firefox:3.0.4  
• Mozilla Firefox:2.0.0.18  

补丁

暂无