漏洞信息详情

Mozilla Firefox和SeaMonkey 跨站脚本漏洞

• CNNVD编号：CNNVD-200702-485
• 危害等级： 中危
  
• CVE编号： CVE-2007-0780
• 漏洞类型： 跨站脚本
• 发布时间： 2007-02-26
• 威胁类型： 远程
• 更新时间： 2019-10-17
• 厂        商： mozilla
• 漏洞来源： Jesse Ruderman※ jr...

漏洞简介

Mozilla Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。

Mozilla Firefox 1.5.0.10之前的1.5.x版本、2.0.0.2之前的2.x版本，SeaMonkey 1.0.8之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

http://www.mozilla.com/products/download.HTML?product=Firefox-1.5.0.10&os=win&lang=en-US

http://www.mozilla.com/products/download.HTML?product=Firefox-2.0.0.2&os=linux&lang=en-US

http://www.mozilla.com/products/download.HTML?product=thunderbird-1.5.0.10&os=linux&lang=en-US

参考网址

来源:SECUNIA

链接:http://secunia.com/advisories/24437

来源:SECUNIA

链接:http://secunia.com/advisories/24238

来源:SLACKWARE

链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

来源:SECUNIA

链接:http://secunia.com/advisories/24455

来源:SECUNIA

链接:http://secunia.com/advisories/24333

来源:SECUNIA

链接:http://secunia.com/advisories/24457

来源:MANDRIVA

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

来源:BID

链接:https://www.securityfocus.com/bid/22694

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/32667

来源:CONFIRM

链接:https://issues.rpath.com/browse/RPL-1103

来源:FEDORA

链接:http://fedoranews.org/CMS/node/2713

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2007-0108.HTML

来源:SUSE

链接:http://www.novell.com/linux/security/advisories/2007_22_mozilla.HTML

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2007-0078.HTML

来源:SLACKWARE

链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

来源:SECUNIA

链接:http://secunia.com/advisories/24384

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2007-0097.HTML

来源:SECUNIA

链接:http://secunia.com/advisories/24343

来源:SECUNIA

链接:http://secunia.com/advisories/24287

来源:SECUNIA

链接:http://secunia.com/advisories/24320

来源:SECUNIA

链接:http://secunia.com/advisories/24342

来源:MISC

链接:https://bugzilla.mozilla.org/show_bug.cgi?id=354973

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/461809/100/0/threaded

来源:CONFIRM

链接:http://www.mozilla.org/security/announce/2007/mfsa2007-05.HTML

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884

来源:SECUNIA

链接:http://secunia.com/advisories/24205

来源:SECUNIA

链接:http://secunia.com/advisories/24328

来源:HP

链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

来源:UBUNTU

链接:http://www.ubuntu.com/usn/usn-428-1

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/461336/100/0/threaded

来源:SECTRACK

链接:http://www.securitytracker.com/id?1017702

来源:SECUNIA

链接:http://secunia.com/advisories/24290

来源:CONFIRM

链接:https://issues.rpath.com/browse/RPL-1081

来源:REDHAT

链接:http://rhn.redhat.com/errata/RHSA-2007-0077.HTML

来源:SECUNIA

链接:http://secunia.com/advisories/24395

来源:SECUNIA

链接:http://secunia.com/advisories/24650

来源:GENTOO

链接:http://security.gentoo.org/glsa/glsa-200703-04.xml

来源:GENTOO

链接:http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2007-0079.HTML

来源:SECUNIA

链接:http://secunia.com/advisories/24293

来源:OSVDB

链接:http://www.osvdb.org/32107

来源:SUSE

链接:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.HTML

来源:FEDORA

链接:http://fedoranews.org/CMS/node/2728

来源:SECUNIA

链接:http://secunia.com/advisories/24393

来源:VUPEN

链接:http://www.vupen.com/english/advisories/2007/0718

受影响实体

• Mozilla Firefox:1.5.0.9  
• Mozilla Firefox:2.0.0.1  
• Mozilla Seamonkey:1.0.7  

补丁

• Mozilla Firefox和SeaMonkey 跨站脚本漏洞的修复措施