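Advisory Summary
Subject: Mozilla releases patches for multiple security vulnerabilities in its products
Date: 2009/05/13
Severity: Level 1 (Caution)
Advisory type: Vulnerability alert
Author: G-Expert Network Security Team - 黃昭明
Description: On April 21, Mozilla released patches for multiple security vulnerabilities in its products. Among these 12 patches, 2 are rated critical, 2 high, and 7 moderate to low.
Risk Details
Mozilla has released patches for multiple security vulnerabilities in Firefox, SeaMonkey, and Thunderbird, including cross-site scripting, URL spoofing, and memory corruption. The more serious of these vulnerabilities could allow an attacker to execute malicious code on a victim's computer.
Affected Systems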
Firefox < 3.0.9
Thunderbird < 2.0.0.21
SeaMonkey < 1.1.16
Solution
Upgrade Mozilla products to the following versions:
Firefox 3.0.10
Thunderbird 2.0.0.21
SeaMonkey 1.1.16
References
Firefox
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
---------------------------------------------------------------------------------
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI
http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
MFSA 2009-15 URL spoofing with box drawing character
http://www.mozilla.org/security/announce/2009/mfsa2009-15.html
* MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Thunderbird
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
---------------------------------------------------------------------------------
MFSA 2009-15 URL spoofing with box drawing character
http://www.mozilla.org/security/announce/2009/mfsa2009-15.html
* MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
http://www.mozilla.org/security/announce/2009/mfsa2009-10.html
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SeaMonkey
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
---------------------------------------------------------------------------------
* MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html