Vendor Status Note JVNCIAC-P-149

Firefox の複数の脆弱性

Firefox バージョン 1.0 およびそれ以前には、文字列やポップアップウィンドウ、プラグインなどの様々な処理に脆弱性があります。

影響を受けるシステム
　- Firefox バージョン 1.0 およびそれ以前

遠隔から第三者が Firefox を実行しているユーザの権限を取得したり、Web サイトの偽装の有無を識別しにくくなったりするなどの様々な影響を受ける可能性があります。

ベンダ	リンク	更新日
Mozilla Japan	次世代ブラウザ Firefox とメールクライアント Thunderbird の公式サイト
Mozilla Organization	Mozilla Firefox - Next Generation Browser
	Mozilla Suite
Red Hat	セキュリティアドバイス RHSA-2005:176 Critical: firefox security update

1. Mozilla Foundation Security Advisory 2005-13
   Window Injection Spoofing
2. Mozilla Foundation Security Advisory 2005-14
   SSL "secure site" indicator spoofing
3. Mozilla Foundation Security Advisory 2005-15
   Heap overflow possible in UTF8 to Unicode conversion
4. Mozilla Foundation Security Advisory 2005-16
   Spoofing download and security dialogs with overlapping windows
5. Mozilla Foundation Security Advisory 2005-17
   Install source spoofing with user:pass@host
6. Mozilla Foundation Security Advisory 2005-18
   Memory overwrite in string library
7. Mozilla Foundation Security Advisory 2005-19
   Autocomplete data leak
8. Mozilla Foundation Security Advisory 2005-20
   XSLT can include stylesheets from arbitrary hosts
9. Mozilla Foundation Security Advisory 2005-21
   Overwrite arbitrary files downloading .lnk twice
10. Mozilla Foundation Security Advisory 2005-22
    Download dialog spoofing using Content-Disposition header
11. Mozilla Foundation Security Advisory 2005-23
    Download dialog source spoofing
12. Mozilla Foundation Security Advisory 2005-24
    HTTP auth prompt tab spoofing
13. Mozilla Foundation Security Advisory 2005-25
    Image drag and drop executable spoofing
14. Mozilla Foundation Security Advisory 2005-26
    Cross-site scripting by dropping javascript: link on tab
15. Mozilla Foundation Security Advisory 2005-27
    Plugins can be used to load privileged content
16. Mozilla Foundation Security Advisory 2005-28
    Unsafe /tmp/plugtmp directory exploitable to erase user's files
17. Mozilla Foundation Security Advisory 2005-29
    Internationalized Domain Name (IDN) homograph spoofing
18. ISS X-Force Database: web-browser-popup-spoofing(18397)
    Multiple vendor Web browsers could spoof a pop-up window
19. ISS X-Force Database: mozilla-dialog-source-spoof(18742)
    Mozilla download dialog source spoofing
20. ISS X-Force Database: web-browser-modal-spoofing(18864)
    Multiple vendor Web browser modal dialog spoofing
21. ISS X-Force Database: multiple-browsers-idn-spoof(19236)
    multiple Web browsers IDN URL spoofing
22. ISS X-Force Database: mozilla-firefox-tab-gain-access(19264)
    Mozilla and Mozilla Firefox tab allows access to information from a window
23. ISS X-Force Database: mozilla-firefox-aboutconfig-modify(19266)
    Mozilla and Mozilla Firefox about
24. ISS X-Force Database: mozilla-firefox-string-heap-corruption(19522)
    Mozilla Firefox heap corruption
25. ISS X-Force Database: mozilla-http-tab-spoofing(19526)
    Mozilla HTTP authentication prompt tab spoofing
26. ISS X-Force Database: mozilla-xml-information-disclosure(19530)
    Mozilla XML document information disclosure
27. ISS X-Force Database: mozilla-form-information-disclosure(19532)
    Mozilla form fill feature autocomplete information disclosure
28. ISS X-Force Database: mozilla-userpass-spoofing(19533)
    Mozilla 'user:pass@host' spoofing
29. ISS X-Force Database: mozilla-utf8-bo(19535)
    Mozilla UTF8 buffer overflow
30. ISS X-Force Database: mozilla-ssl-indicator-spoofing(19536)
    Mozilla SSL lock icon spoofing
31. ISS X-Force Database: mozilla-save-link-as-dialog-spoofing(19540)
    Mozilla 'Save Link As' download dialog spoofing