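Vulnerability Details
Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability
- CNNVD ID: CNNVD-200608-327
- Severity: Medium
- CVE ID: CVE-2006-4253
- Vulnerability type: Permissions and access control
- Published: 2006-08-21
- Threat type: Remote
- Updated: 2006-10-30
- Vendor: netscape
- Vulnerability source: Michal Zalewski lc...
Vulnerability Summary
Mozilla Firefox is an open-source web browser.
Firefox's JavaScript parsing engine has a vulnerability when handling malicious documents; a remote attacker could exploit it to execute arbitrary commands on the user's machine.
When Firefox parses and renders a deeply nested XML document, the document is interpreted by the JavaScript handler. If a script then redirects the browser to a new location, the unfinished parsing process is interrupted and all of its structures are freed. A race condition can occur during this process, leading to memory corruption such as a double free, and the browser also crashes.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: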
http://www.mozilla.com/thunderbird/all.HTML
http://www.mozilla.com/Firefox/all.HTML
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.0.5/seamonkey-1.0.5.source.tar.bz2
http://lwn.net/Alerts/199693/?format=printable
http://lwn.net/Alerts/199692
References
Source: bugzilla.mozilla.org
Link: https://bugzilla.mozilla.org/show_bug.cgi?id=348514
Source: UBUNTU
Name: USN-354-1
Link: http://www.ubuntu.com/usn/usn-354-1
Source: UBUNTU
Name: USN-352-1
Link: http://www.ubuntu.com/usn/usn-352-1
Source: UBUNTU
Name: USN-351-1
Link: http://www.ubuntu.com/usn/usn-351-1
Source: UBUNTU
Name: USN-350-1
Link: http://www.ubuntu.com/usn/usn-350-1
Source: BID
Name: 19534
Link: http://www.securityfocus.com/bid/19534
Source: BID
Name: 19488
Link: http://www.securityfocus.com/bid/19488
Source: BUGTRAQ
Name: 20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems
Link: http://www.securityfocus.com/archive/1/archive/1/447840/100/200/threaded
Source: BUGTRAQ
Name: 20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems
Link: http://www.securityfocus.com/archive/1/archive/1/447837/100/200/threaded
Source: BUGTRAQ
Name: 20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems
Link: http://www.securityfocus.com/archive/1/archive/1/443528/100/0/threaded
Source: BUGTRAQ
Name: 20060812 Concurrency-related vulnerabilities in browsers - expect problems
Link: http://www.securityfocus.com/archive/1/archive/1/443020/100/100/threaded
Source: BUGTRAQ
Name: 20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems
Link: http://www.securityfocus.com/archive/1/443500/100/100/threaded
Source: BUGTRAQ
Name: 20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems
Link: http://www.securityfocus.com/archive/1/443306/100/100/threaded
Source: MISC
Link: http://www.securiteam.com/securitynews/5VP0M0AJFW.HTML
Source: REDHAT
Name: RHSA-2006:0677
Link: http://www.redhat.com/support/errata/RHSA-2006-0677.HTML
Source: REDHAT
Name: RHSA-2006:0676
Link: http://www.redhat.com/support/errata/RHSA-2006-0676.HTML
Source: REDHAT
Name: RHSA-2006:0675
Link: http://www.redhat.com/support/errata/RHSA-2006-0675.HTML
Source: SUSE
Name: SUSE-SA:2006:054
Link: http://www.novell.com/linux/security/advisories/2006_54_mozilla.HTML
Source: www.mozilla.org
Link: http://www.mozilla.org/security/announce/2006/mfsa2006-59.HTML
Source: VUPEN
Name: ADV-2006-3617
Link: http://www.frsirt.com/english/advisories/2006/3617
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
Source: SECTRACK
Name: 1016848
Link: http://securitytracker.com/id?1016848
Source: SECTRACK
Name: 1016847
Link: http://securitytracker.com/id?1016847
Source: SECTRACK
Name: 1016846
Link: http://securitytracker.com/id?1016846
Source: GENTOO
Name: GLSA-200610-04
Link: http://security.gentoo.org/glsa/glsa-200610-04.xml
Source: GENTOO
Name: GLSA-200610-01
Link: http://security.gentoo.org/glsa/glsa-200610-01.xml
Source: GENTOO
Name: GLSA-200609-19
Link: http://security.gentoo.org/glsa/glsa-200609-19.xml
Source: SECUNIA
Name: 22422
Link: http://secunia.com/advisories/22422
Source: SECUNIA
Name: 22391
Link: http://secunia.com/advisories/22391
Source: SECUNIA
Name: 22274
Link: http://secunia.com/advisories/22274
Source: SECUNIA
Name: 22210
Link: http://secunia.com/advisories/22210
Source: SECUNIA
Name: 22088
Link: http://secunia.com/advisories/22088
Source: SECUNIA
Name: 22074
Link: http://secunia.com/advisories/22074
Source: SECUNIA
Name: 22055
Link: http://secunia.com/advisories/22055
Source: SECUNIA
Name: 22036
Link: http://secunia.com/advisories/22036
Source: SECUNIA
Name: 22025
Link: http://secunia.com/advisories/22025
Source: SECUNIA
Name: 22001
Link: http://secunia.com/advisories/22001
Source: SECUNIA
Name: 21950
Link: http://secunia.com/advisories/21950
Source: SECUNIA
Name: 21949
Link: http://secunia.com/advisories/21949
Source: SECUNIA
Name: 21940
Link: http://secunia.com/advisories/21940
Source: SECUNIA
Name: 21939
Link: http://secunia.com/advisories/21939
Source: SECUNIA
Name: 21916
Link: http://secunia.com/advisories/21916
Source: SECUNIA
Name: 21915
Link: http://secunia.com/advisories/21915
Source: SECUNIA
Name: 21906
Link: http://secunia.com/advisories/21906
Source: SECUNIA
Name: 21513
Link: http://secunia.com/advisories/21513
Source: MISC
Link: http://lcamtuf.coredump.cx/ffoxdie3.HTML
Affected Entities
- Netscape Navigator:8.1
- Mozilla Firefox:0.10.1
- Mozilla Firefox:0.10
- Mozilla Firefox:0.9.3
- Mozilla Firefox:0.9.2
Patch
None available