Vendor Status Note JVNCIAC-P-149

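Multiple Vulnerabilities in Firefox

Overview

Firefox version 1.0 and earlier contain vulnerabilities in several areas, including the handling of strings, pop-up windows, and plugins.

Affected Systems
 - Firefox version 1.0 and earlier

Potential Impact

A range of impacts is possible: for example, a remote third party could obtain the privileges of the user running Firefox, or it could become difficult to tell whether a web site is being spoofed.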

Vendor Information

Vendor / Link / Updated
 - Mozilla Japan: Official site of the next-generation browser Firefox and the mail client Thunderbird
 - Mozilla Organization: Mozilla Firefox - Next Generation Browser; Mozilla Suite
 - Red Hat: Security Advisory RHSA-2005:176, Critical: firefox security update

References

  1. Mozilla Foundation Security Advisory 2005-13
    Window Injection Spoofing
  2. Mozilla Foundation Security Advisory 2005-14
    SSL "secure site" indicator spoofing
  3. Mozilla Foundation Security Advisory 2005-15
    Heap overflow possible in UTF8 to Unicode conversion
  4. Mozilla Foundation Security Advisory 2005-16
    Spoofing download and security dialogs with overlapping windows
  5. Mozilla Foundation Security Advisory 2005-17
    Install source spoofing with user:pass@host
  6. Mozilla Foundation Security Advisory 2005-18
    Memory overwrite in string library
  7. Mozilla Foundation Security Advisory 2005-19
    Autocomplete data leak
  8. Mozilla Foundation Security Advisory 2005-20
    XSLT can include stylesheets from arbitrary hosts
  9. Mozilla Foundation Security Advisory 2005-21
    Overwrite arbitrary files downloading .lnk twice
  10. Mozilla Foundation Security Advisory 2005-22
    Download dialog spoofing using Content-Disposition header
  11. Mozilla Foundation Security Advisory 2005-23
    Download dialog source spoofing
  12. Mozilla Foundation Security Advisory 2005-24
    HTTP auth prompt tab spoofing
  13. Mozilla Foundation Security Advisory 2005-25
    Image drag and drop executable spoofing
  14. Mozilla Foundation Security Advisory 2005-26
    Cross-site scripting by dropping javascript: link on tab
  15. Mozilla Foundation Security Advisory 2005-27
    Plugins can be used to load privileged content
  16. Mozilla Foundation Security Advisory 2005-28
    Unsafe /tmp/plugtmp directory exploitable to erase user's files
  17. Mozilla Foundation Security Advisory 2005-29
    Internationalized Domain Name (IDN) homograph spoofing
  18. ISS X-Force Database: web-browser-popup-spoofing(18397)
    Multiple vendor Web browsers could spoof a pop-up window
  19. ISS X-Force Database: mozilla-dialog-source-spoof(18742)
    Mozilla download dialog source spoofing
  20. ISS X-Force Database: web-browser-modal-spoofing(18864)
    Multiple vendor Web browser modal dialog spoofing
  21. ISS X-Force Database: multiple-browsers-idn-spoof(19236)
    multiple Web browsers IDN URL spoofing
  22. ISS X-Force Database: mozilla-firefox-tab-gain-access(19264)
    Mozilla and Mozilla Firefox tab allows access to information from a window
  23. ISS X-Force Database: mozilla-firefox-aboutconfig-modify(19266)
    Mozilla and Mozilla Firefox about
  24. ISS X-Force Database: mozilla-firefox-string-heap-corruption(19522)
    Mozilla Firefox heap corruption
  25. ISS X-Force Database: mozilla-http-tab-spoofing(19526)
    Mozilla HTTP authentication prompt tab spoofing
  26. ISS X-Force Database: mozilla-xml-information-disclosure(19530)
    Mozilla XML document information disclosure
  27. ISS X-Force Database: mozilla-form-information-disclosure(19532)
    Mozilla form fill feature autocomplete information disclosure
  28. ISS X-Force Database: mozilla-userpass-spoofing(19533)
    Mozilla 'user:pass@host' spoofing
  29. ISS X-Force Database: mozilla-utf8-bo(19535)
    Mozilla UTF8 buffer overflow
  30. ISS X-Force Database: mozilla-ssl-indicator-spoofing(19536)
    Mozilla SSL lock icon spoofing
  31. ISS X-Force Database: mozilla-save-link-as-dialog-spoofing(19540)
    Mozilla 'Save Link As' download dialog spoofing

JPCERT Alert:
JPCERT REPORT:
 - JPCERT-WR-2005-1001 ( 2005-03-09 )
 - JPCERT-WR-2005-1101 ( 2005-03-16 )
CIAC Bulletin: P-149 Firefox Security Update ( 2005-03-01 )
CVE:
 - 2004-1156 [CVE+] XF18397
 - 2005-0585 [CVE+] XF18742
 - 2005-0233 [CVE+] XF19236
 - 2005-0232 [CVE+] XF19266
 - 2005-0231 [CVE+] XF19264
 - 2005-0255 [CVE+] XF19522
 - 2005-0578 [CVE+]
 - 2005-0584 [CVE+] XF19526
 - 2005-0586 [CVE+] XF19540
 - 2005-0588 [CVE+] XF19530
 - 2005-0589 [CVE+] XF19532
 - 2005-0590 [CVE+] XF19533
 - 2005-0591 [CVE+] XF18864
 - 2005-0592 [CVE+] XF19535
 - 2005-0593 [CVE+] XF19536
PGP signature: JVNCIAC-P-149.html.sig

Registered: 13:01 2005/03/12
Updated: 13:01 2005/03/12

Copyright(C) 2002-2009 Keio Univ. All rights reserved.