Mozilla/Firefox浏览器特权管理员EnablePrivilege对话操作漏洞

漏洞信息详情

Mozilla/Firefox浏览器特权管理员EnablePrivilege对话操作漏洞

• CNNVD编号：CNNVD-200412-666
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0909
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  mozilla
• 漏洞来源：
  Discovery of this …

Mozilla Firefox Preview Release之前版本，Mozilla 1.7.3之前版本，以及Thunderbird 0.8之前版本存在漏洞。远程攻击者借助需要使用enablePrivilege参数的加强能力的已签署脚本，欺骗用户去执行意外行为，包括安装软件，然后修改某些有关安全的对话消息的涵义。

This issue is addressed in Mozilla 1.7.3 and Firefox Preview Release:
Conectiva has released an advisory (CLA-2004:877) to address various issues including this issue in Mozilla. This advisory contains updated Mozilla packages (1.7.3) for Conectiva Linux 9 and 10. Please see the referenced advisory for more information.
Gentoo has released an advisory (GLSA 200409-26) to address various issues in Mozilla Browsers. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their systems.
emerge sync
emerge -pv your-version
emerge your-version
For more information please see the referenced Gentoo Linux advisory.
HP has released an advisory (SSRT4826) dealing with this issue for their Tru64 UNIX platform. Please see the referenced advisory for more information.
SuSE Linux has released advisory SUSE-SA:2004:036 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Mozilla Firefox 0.9 rc

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9.1

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9.2

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9.3

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Browser 1.7

• Mozilla Mozilla 1.7.3
  
  http://www.mozilla.org/releases/

Mozilla Browser 1.7 rc3

• Mozilla Mozilla 1.7.3
  
  http://www.mozilla.org/releases/

Mozilla Browser 1.7.1

• Mozilla Mozilla 1.7.3
  
  http://www.mozilla.org/releases/

Mozilla Browser 1.7.2

• Mozilla Mozilla 1.7.3
  
  http://www.mozilla.org/releases/

来源:US-CERT Vulnerability Note: VU#113192
名称: VU#113192
链接:http://www.kb.cert.org/vuls/id/113192

来源: XF
名称: mozilla-enableprivilege-modify-dialog(17377)
链接:http://xforce.iss.net/xforce/xfdb/17377

来源: SUSE
名称: SUSE-SA:2004:036
链接:http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

来源: www.mozilla.org
链接:http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

来源: GENTOO
名称: GLSA-200409-26
链接:http://security.gentoo.org/glsa/glsa-200409-26.xml

来源: SECUNIA
名称: 12526
链接:http://secunia.com/advisories/12526

来源: HP
名称: SSRT4826
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109698896104418&w=2

来源: bugzilla.mozilla.org
链接:http://bugzilla.mozilla.org/show_bug.cgi?id=253942