Mozilla Firefox不安全默认安装漏洞

漏洞信息详情

Mozilla Firefox不安全默认安装漏洞

• CNNVD编号：CNNVD-200412-856
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-2228
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  mozilla
• 漏洞来源：
  Reportedly this is…

基于Mac OS X平台的Mozilla Firefox 1.0以前版本安装时具有全域可写权限，本地用户可以利用该漏洞提升特权。

The vendor has released an upgrade dealing with this issue.
Gentoo has released an advisory GLSA 200501-03 to address various issues in multiple browsers offered by Mozilla. Gentoo users may carry out the following commands to update their computers:
Mozilla users:
emerge –sync
emerge –ask –oneshot –verbose “>=net-www/mozilla-1.7.5”
Mozilla binary users:
emerge –sync
emerge –ask –oneshot –verbose “>=net-www/mozilla-bin-1.7.5”
Firefox users:
emerge –sync
emerge –ask –oneshot –verbose “>=net-www/mozilla-firefox-1.0”
Firefox binary users:
emerge –sync
emerge –ask –oneshot –verbose “>=net-www/mozilla-firefox-bin-1.0”
Thunderbird users:
# emerge –sync
# emerge –ask –oneshot ?verbose “>=mail-client/mozilla-thunderbird-0.9”
Thunderbird:
# emerge –sync
# emerge –ask –oneshot ?verbose “>=mail-client/mozilla-thunderbird-bin-0.9”
Please see the referenced advisory for more information.
Mozilla Firefox 0.10

• Mozilla Firefox 1.0
  
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.10.1

• Mozilla Firefox 1.0
  
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.8

• Mozilla Firefox 1.0
  
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9

• Mozilla Firefox 1.0
  
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.1

• Mozilla Firefox 1.0
  
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.2

• Mozilla Firefox 1.0
  
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.3

• Mozilla Firefox 1.0
  
  http://www.mozilla.org/products/firefox/

来源: XF
名称: mozilla-firefox-gain-privileges(18017)
链接:http://xforce.iss.net/xforce/xfdb/18017

来源: BID
名称: 11644
链接:http://www.securityfocus.com/bid/11644

来源: OSVDB
名称: 11592
链接:http://www.osvdb.org/11592

来源: GENTOO
名称: GLSA-200501-03
链接:http://security.gentoo.org/glsa/glsa-200501-03.xml

来源: SECUNIA
名称: 13724
链接:http://secunia.com/advisories/13724

来源: SECUNIA
名称: 13144
链接:http://secunia.com/advisories/13144