Mozilla Browser Zombie Document Cross-Site Scripting Vulnerability

Vulnerability Details

Vulnerability Summary

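Mozilla versions before 1.4.2 execute JavaScript events while a new page is being loaded, which allows interaction with the previous page (the zombie document) and enables cross-domain and cross-site scripting (XSS) attacks, as demonstrated with the onmousemove event.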

Vulnerability Advisories

Mozilla has released a patch dealing with this issue. Customers are advised to contact the vendor for further details on obtaining the appropriate patch. Please see the reference section for more details.
SGI has released an advisory (20040402-01-U) and a patch to address this issue in SGI ProPack versions 2.3 and 2.4. The vendor has advised that customers apply this patch as soon as possible. Further details on obtaining and applying an appropriate patch can be found in the referenced advisory. Patch is linked below.
Red Hat has released advisory RHSA-2004:112-01 dealing with this issue. Please see the reference for more information.
Red Hat has released an update to the previously released advisory RHSA-2004:110-19; RHSA-2004:110-20 is now available and deals with this issue for their Enterprise Linux distribution. Please see the referenced advisory for more information and details on obtaining fixes.
HP has released advisory HPSBUX01036-SSRT4722 dealing with this and other issues; fixes have been provided.
SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI ProPack 3 to address this and other issues. Please see the referenced advisory for more information.
The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in Red Hat Fedora Core 1, and Red Hat Linux 7.3 and 9.0. Please see the referenced advisory for further information.

Mozilla Browser 0.9.9

Mozilla Browser 1.2 Alpha

Mozilla Browser 1.2

Mozilla Browser 1.2 Beta

Mozilla Browser 1.2.1

References

Source: XF
Name: mozilla-event-handler-xss(15322)
Link: http://xforce.iss.net/xforce/xfdb/15322

Source: BID
Name: 9747
Link: http://www.securityfocus.com/bid/9747

Source: BUGTRAQ
Name: 20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107774710729469&w=2

Source: bugzilla.mozilla.org
Link: http://bugzilla.mozilla.org/show_bug.cgi?id=227417

Source: REDHAT
Name: RHSA-2004:112
Link: http://www.redhat.com/support/errata/RHSA-2004-112.html

Source: REDHAT
Name: RHSA-2004:110
Link: http://www.redhat.com/support/errata/RHSA-2004-110.html

Source: OSVDB
Name: 4062
Link: http://www.osvdb.org/4062

Source: HP
Name: SSRT4722
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108448379429944&w=2

Source: US Government Resource: oval:org.mitre.oval:def:937
Name: oval:org.mitre.oval:def:937
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:937

Source: US Government Resource: oval:org.mitre.oval:def:874
Name: oval:org.mitre.oval:def:874
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:874
