漏洞信息详情
Mozilla Firefox浏览器引擎远程内存破坏漏洞
- CNNVD编号:CNNVD-201002-209
- 危害等级: 超危
- CVE编号: CVE-2010-0159
- 漏洞类型: 资料不足
- 发布时间: 2010-02-22
- 威胁类型: 远程
- 更新时间: 2010-02-24
- 厂 商: mozilla
- 漏洞来源: Bob Clary
漏洞简介
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。
Firefox浏览器引擎的layout/generic/nsBlockFrame.cpp文件中的nsBlockFrame::StealFrame函数中存在内存破坏漏洞。用户受骗访问了恶意网页就可能触发这个漏洞,导致浏览器崩溃或执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Slackware Linux 12.2
Slackware seamonkey-2.0.3-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ seamonkey-2.0.3-i486-1_slack12.2.tgz
Slackware mozilla-Firefox-3.0.18-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ mozilla-Firefox-3.0.18-i686-1.tgz
S.u.S.E. openSUSE 11.0
SuSE MozillaFirefox-translations-3.0.18-0.1.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/MozillaFirefox-transl ations-3.0.18-0.1.ppc.rpm
SuSE mozilla-xulrunner190-translations-1.9.0.18-0.1.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- translations-1.9.0.18-0.1.ppc.rpm
SuSE mozilla-xulrunner190-1.9.0.18-0.1.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -1.9.0.18-0.1.i586.rpm
SuSE mozilla-xulrunner190-translations-1.9.0.18-0.1.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -translations-1.9.0.18-0.1.i586.rpm
Slackware Linux x86_64 -current
Slackware seamonkey-2.0.3-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ xap/seamonkey-2.0.3-x86_64-1.txz
Slackware seamonkey-solibs-2.0.3-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ l/seamonkey-solibs-2.0.3-x86_64-1.txz
S.u.S.E. openSUSE 11.1
SuSE mozilla-xulrunner190-translations-1.9.0.18-0.1.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner1 90-translations-1.9.0.18-0.1.1.x86_64.rpm
SuSE mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.ppc.rpm
http://download.opensuse.org/debug/update/11.1/rpm/ppc/mozilla-xulrunn er190-debugsource-1.9.0.18-0.1.1.ppc.rpm
SuSE mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.i586.rpm
http://download.opensuse.org/debug/update/11.1/rpm/i586/mozilla-xulrun ner190-debugsource-1.9.0.18-0.1.1.i586.rpm
Slackware Linux 13.0 x86_64
Slackware seamonkey-solibs-2.0.3-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/package s/seamonkey-solibs-2.0.3-x86_64-1_slack13.0.txz
Slackware seamonkey-2.0.3-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/package s/seamonkey-2.0.3-x86_64-1_slack13.0.txz
S.u.S.E. openSUSE 11.2
SuSE seamonkey-irc-2.0.3-0.1.1.i586.rpm
http://download.opensuse.org/update/11.2/rpm/i586/seamonkey-irc-2.0.3- 0.1.1.i586.rpm
SuSE python-xpcom191-1.9.1.8-0.1.1.i586.rpm
http://download.opensuse.org/update/11.2/rpm/i586/python-xpcom191-1.9. 1.8-0.1.1.i586.rpm
SuSE seamonkey-debuginfo-2.0.3-0.1.1.x86_64.rpm
http://download.opensuse.org/debug/update/11.2/rpm/x86_64/seamonkey-de buginfo-2.0.3-0.1.1.x86_64.rpm
SuSE MozillaFirefox-3.5.8-0.1.1.x86_64.rpm
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaFirefox-3.5 .8-0.1.1.x86_64.rpm
Slackware Linux -current
Slackware seamonkey-solibs-2.0.3-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/se amonkey-solibs-2.0.3-i486-1.txz
Slackware seamonkey-2.0.3-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/ seamonkey-2.0.3-i486-1.txz
参考网址
来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=534082
来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=530880
来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=528300
来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=528134
来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=527567
来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=501934
来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=467005
来源: XF
名称: mozilla-browsereng-code-execution(56359)
链接:http://xforce.iss.net/xforce/xfdb/56359
来源: VUPEN
名称: ADV-2010-0405
链接:http://www.vupen.com/english/advisories/2010/0405
来源: UBUNTU
名称: USN-896-1
链接:http://www.ubuntu.com/usn/USN-896-1
来源: UBUNTU
名称: USN-895-1
链接:http://www.ubuntu.com/usn/USN-895-1
来源: REDHAT
名称: RHSA-2010:0113
链接:http://www.redhat.com/support/errata/RHSA-2010-0113.HTML
来源: REDHAT
名称: RHSA-2010:0112
链接:http://www.redhat.com/support/errata/RHSA-2010-0112.HTML
来源: www.mozilla.org
链接:http://www.mozilla.org/security/announce/2010/mfsa2010-01.HTML
来源: MANDRIVA
名称: MDVSA-2010:042
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
来源: DEBIAN
名称: DSA-1999
链接:http://www.debian.org/security/2010/dsa-1999
来源: SECUNIA
名称: 37242
链接:http://secunia.com/advisories/37242
来源: FEDORA
名称: FEDORA-2010-1727
链接:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.HTML
来源: FEDORA
名称: FEDORA-2010-1936
链接:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.HTML
来源: FEDORA
名称: FEDORA-2010-1932
链接:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.HTML
来源:NSFOCUS 名称:14535 链接:http://www.nsfocus.net/vulndb/14535
受影响实体
- Mozilla Seamonkey:2.0.2
- Mozilla Seamonkey:2.0:Alpha_2
- Mozilla Seamonkey:2.0:Alpha_1
- Mozilla Seamonkey:2.0:Beta_1
- Mozilla Seamonkey:2.0:Alpha_3
补丁
- mozilla-xulrunner190-translations-1.9.0.18-0.1.i586
- mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.ppc
- mozilla-xulrunner190-1.9.0.18-0.1.1.ppc
- python-xpcom190-1.9.0.18-0.1.1.ppc
- mozilla-xulrunner191-debuginfo-32bit-1.9.1.8-0.1.1.x86_64
评论