Vendor Status Note JVNCIAC-S-162

Multiple vulnerabilities in Mozilla products

Overview

Mozilla Firefox and other Mozilla products contain multiple vulnerabilities.

Affected systems
 - Firefox
 - SeaMonkey
 - Thunderbird

Expected impact

A remote third party may be able to carry out a denial-of-service (DoS) attack or execute arbitrary code with the user's privileges.

Vendor information

Vendor / Link / Updated
 - Mozilla Japan
    Foundation Security Advisory: February 7, 2008
 - Mozilla Japan
    New features and improvements in Firefox 2.0.0.12
 - Red Hat
    Red Hat Security Advisory RHSA-2008:0103
    Critical: firefox security update
    Red Hat Security Advisory RHSA-2008:0104
    Critical: seamonkey security update
    Red Hat Security Advisory RHSA-2008:0105
    Moderate: thunderbird security update

References

  1. US-CERT Vulnerability Note VU#879056
    Mozilla browsers fail to properly handle images
  2. US-CERT Vulnerability Note VU#309608
    Mozilla products may allow directory traversal
  3. ISS X-Force Database: mozilla-chromeuri-directory-traversal(39840)
    Multiple Mozilla products chrome
  4. ISS X-Force Database: firefox-webforgery-security-bypass(40353)
    Mozilla Firefox Web forgery warning dialog security bypass
  5. ISS X-Force Database: mozilla-stylesheet-information-disclosure(40355)
    Multiple Mozilla products stylesheet 302 redirect information disclosure
  6. ISS X-Force Database: mozilla-txtfile-dos(40356)
    Mozilla Firefox and SeaMonkey .txt file denial of service
  7. ISS X-Force Database: mozilla-password-file-corruption(40359)
    Mozilla Firefox password store file corruption
  8. ISS X-Force Database: mozilla-chrome-privilege-escalation(40360)
    Multiple Mozilla products javascript chrome privilege escalation
  9. ISS X-Force Database: mozilla-xmldocumentload-security-bypass(40361)
    Multiple Mozilla products XMLDocument.load() security bypass
  10. ISS X-Force Database: firefox-browser-code-execution(40362)
    Mozilla Firefox, Thunderbird, and SeaMonkey browser engine code execution
  11. ISS X-Force Database: firefox-javascript-code-execution(40363)
    Mozilla Firefox, Thunderbird, and SeaMonkey JavaScript engine code execution
  12. ISS X-Force Database: mozilla-timerdialog-security-bypass(40365)
    Mozilla Firefox and Thunderbird timer-enabled dialog security bypass
  13. ISS X-Force Database: mozilla-focus-information-disclosure(40367)
    Mozilla Firefox and SeaMonkey file input focus information disclosure
  14. ISS X-Force Database: mozilla-designmode-information-disclosure(40371)
    Mozilla Firefox, Thunderbird, and SeaMonkey designMode frames information disclosure
  15. ISS X-Force Database: firefox-character-encoding-xss(40488)
    Mozilla Firefox character encoding cross-site scripting

JPCERT Emergency Report
JPCERT REPORT: JPCERT-WR-2008-0701 (2008-02-20)
CIAC Bulletin: S-162 Mozilla Products Vulnerabilities (2008-02-11)
CVE:
 - 2008-0412 [CVE+] XF40362
 - 2008-0413 [CVE+] XF40363
 - 2008-0414 [CVE+] XF40367
 - 2008-0415 [CVE+] XF40360, XF40361
 - 2008-0416 [CVE+] XF40488
 - 2008-0417 [CVE+] XF40359
 - 2008-0418 [CVE+] XF39840
 - 2008-0419 [CVE+] XF40371
 - 2008-0591 [CVE+] XF40365
 - 2008-0592 [CVE+] XF40356
 - 2008-0593 [CVE+] XF40355
 - 2008-0594 [CVE+] XF40353
PGP signature: JVNCIAC-S-162.html.sig

Registered: 16:16 2008/02/24
Updated: 16:16 2008/02/24

Copyright(C) 2002-2009 Keio Univ. All rights reserved.