黑衣~魂 2007-7-19 16:36
Mozilla Firefox Multiple 弱點
Mozilla Firefox Multiple Vulnerabilities
文章來源參考[url=http://secunia.com/advisories/26095/]secunia.com[/url]
Secunia Advisory:SA26095
Release Date:2007-07-18
Critical:Highly critical
Impact:Cross Site Scripting
Spoofing
DoS
System access
Where:From remote
Solution Status:Vendor Patch
Software:Mozilla Firefox 2.0.x
CVE reference:
CVE-2007-3734 (Secunia mirror)
CVE-2007-3735 (Secunia mirror)
CVE-2007-3736 (Secunia mirror)
CVE-2007-3737 (Secunia mirror)
CVE-2007-3738 (Secunia mirror)
CVE-2007-3089 (Secunia mirror)
[quote]Description:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks and potentially to compromise a user's system.
1) Various errors in the browser engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
2) Various errors in the Javascript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
3) An error in the "addEventListener" and "setTimeout" methods can be exploited to inject script into another site's context, circumventing the browser's same-origin policy.
4) An error in the cross-domain handling can be exploited to inject arbitrary HTML and script code in a sub-frame of another web site.
This is related to vulnerability #5 in:
SA21906
5) An unspecified error in the handling of elements outside of documents allows an attacker to call an event handler and execute arbitrary code with chrome privileges.
6) An unspecified error in the handling of "XPCNativeWrapper" can lead to execution of user-supplied code.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
[url]http://secunia.com/software_inspector/[/url]
Solution:
Update to version 2.0.0.5.[/quote]
黑衣~魂 2007-7-20 00:35
回復 #2 天氣預報 的帖子
剛剛中文有更新了~請對照時間發布漏洞時間在us-2007-07-18更新時間是台灣時間的剛剛發布更新~我這的狀況是這樣~
-------
未更新者趕快更新到2.0.0.5.版本吧~
[[i] 本帖最後由 黑衣~魂 於 2007-7-20 00:36 編輯 [/i]]