Vendor Status Note JVNCIAC-O-195

Multiple Vulnerabilities in Mozilla

Overview

Mozilla contains multiple vulnerabilities, including buffer overflows.
Vulnerabilities contained in libpng are also present.

Impact

A remote third party may gain the privileges of the user running Mozilla.

Vendor Information

Vendor / Link / Date updated

  Miracle Linux
    mozilla Security, August 6, 2004: Multiple security fixes and version upgrade
  Red Hat
    Security Advisory RHSA-2004:421
    Updated mozilla packages fix security issues
  Sun Microsystems
    Sun Alert ID: 57701
    Multiple Security Vulnerabilities in Mozilla

References

  1. CIAC Bulletin O-195
    Mozilla Updated Security Packages
  2. CIAC Bulletin P-069
    Sun - Multiple Mozilla Vulnerabilities
  3. US-CERT Vulnerability Note VU#388984
    libpng fails to properly check length of transparency chunk (tRNS) data
  4. US-CERT Vulnerability Note VU#817368
    libpng png_handle_sBIT() performs insufficient bounds checking
  5. US-CERT Vulnerability Note VU#286464
    libpng contains integer overflows in progressive display image reading
  6. US-CERT Vulnerability Note VU#477512
    libpng png_handle_sPLT() integer overflow
  7. US-CERT Vulnerability Note VU#160448
    libpng integer overflow in image height processing
  8. ISS X-Force Database: libpng-pnghandle-bo(16894)
    libpng png_handle_sBIT and png_handle_tRNS buffer overflow
  9. ISS X-Force Database: lilbpng-integer-bo(16896)
    libpng integer buffer overflow
  10. ISS X-Force Database: http-frame-spoof(1598)
    Web browser frame spoof
  11. ISS X-Force Database: mozilla-netscape-soapparameter-bo(16862)
    Mozilla and Netscape SOAPParameter buffer overflow
  12. ISS X-Force Database: mozilla-senduidl-pop3-bo(16869)
    Mozilla, Firefox and Thunderbird SendUidl POP3 buffer overflow
  13. ISS X-Force Database: mozilla-certificate-dos(16706)
    Mozilla/Firefox certificate denial of service
  14. ISS X-Force Database: mozilla-warning-file-upload(16870)
    Mozilla warning file upload
  15. ISS X-Force Database: mozilla-modify-mime-type(16691)
    Mozilla modify mime type
  16. ISS X-Force Database: mozilla-redirect-ssl-spoof(16871)
    Mozilla, Firefox and Thunderbird redirect SSL lock spoofing
  17. ISS X-Force Database: mozilla-dialog-code-execution(16623)
    Mozilla XPInstall/Security dialog box code execution
  18. ISS X-Force Database: mozilla-ssl-certificate-spoofing(16796)
    Mozilla SSL certificate spoofing
  19. ISS X-Force Database: mozilla-user-interface-spoofing(16837)
    Mozilla and Firefox user interface spoofing
  20. ISS X-Force Database: mozilla-certtesthostname-certificate-spoof(16868)
    Mozilla, Firefox and Thunderbird cert_TestHostName certificate spoofing

JPCERT Alert:
JPCERT REPORT:
  JPCERT-WR-2004-3101 ( 2004-08-11 )
  JPCERT-WR-2004-5001 ( 2004-12-22 )
CIAC Bulletin:
  O-195 Mozilla Updated Security Packages ( 2004-08-05 )
CVE:
  2004-0597 [CVE+] VU#388984, VU#817368, XF16894
  2004-0599 [CVE+] VU#286464, VU#477512, VU#160448, XF16896
  2004-0718 [CVE+] XF1598
  2004-0722 [CVE+] XF16862
  2004-0757 [CVE+] XF16869
  2004-0758 [CVE+] XF16706
  2004-0759 [CVE+] XF16870
  2004-0760 [CVE+] XF16691
  2004-0761 [CVE+] XF16871
  2004-0762 [CVE+] XF16623
  2004-0763 [CVE+] XF16796
  2004-0764 [CVE+] XF16837
  2004-0765 [CVE+] XF16868
PGP signature: JVNCIAC-O-195.html.sig

Registered: 10:20 2004/08/14
Updated: 17:10 2004/12/26

Copyright(C) 2002-2009 Keio Univ. All rights reserved.