Mozilla/Firefox Browsers未授权剪贴板内容泄露

漏洞信息详情

Mozilla/Firefox Browsers未授权剪贴板内容泄露

• CNNVD编号：CNNVD-200412-867
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0908
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  mozilla
• 漏洞来源：
  Discovery of this …

Mozilla Firefox Preview Release以前版本，Mozilla 1.7.3以前版本和Thunderbird 0.8以前版本存在漏洞。不受信任Javascript代码可以借助如Ctrl-Ins的script-generated事件读写剪贴板，并可能获得敏感信息。

This issue is addressed in Mozilla 1.7.3 and Firefox Preview Release:
Conectiva has released an advisory (CLA-2004:877) to address various issues including this issue in Mozilla. This advisory contains updated Mozilla packages (1.7.3) for Conectiva Linux 9 and 10. Please see the referenced advisory for more information.
Gentoo has released an advisory (GLSA 200409-26) to address various issues in Mozilla Browsers. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their systems.
emerge sync
emerge -pv your-version
emerge your-version
RedHat Linux has released advisory RHSA-2004:486-18 along with fixes to address this, and other issues for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information on obtaining fixes.
HP has released an advisory (SSRT4826) dealing with this issue for their Tru64 UNIX platform. Please see the referenced advisory for more information.
SuSE Linux has released advisory SUSE-SA:2004:036 along with fixes dealing with this issue. Please see the referenced advisory for more information.
The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.
Mozilla Firefox 0.8

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9 rc

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9.1

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9.2

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Firefox 0.9.3

• Mozilla Firefox Preview Release
  
  http://www.mozilla.org/products/firefox/releases/0.10.html

Mozilla Browser 1.7

• Mozilla Mozilla 1.7.3
  
  http://www.mozilla.org/releases/

Mozilla Browser 1.7 rc3

• Mozilla Mozilla 1.7.3
  
  http://www.mozilla.org/releases/

Mozilla Browser 1.7.1

• Mozilla Mozilla 1.7.3
  
  http://www.mozilla.org/releases/

Mozilla Browser 1.7.2

• Mozilla Mozilla 1.7.3
  
  http://www.mozilla.org/releases/

来源:US-CERT Vulnerability Note: VU#460528
名称: VU#460528
链接:http://www.kb.cert.org/vuls/id/460528

来源: BID
名称: 11179
链接:http://www.securityfocus.com/bid/11179

来源: SUSE
名称: SUSE-SA:2004:036
链接:http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

来源: FEDORA
名称: FLSA:2089
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109900315219363&w=2

来源: bugzilla.mozilla.org
链接:http://bugzilla.mozilla.org/show_bug.cgi?id=257523

来源: XF
名称: mozilla-shortcut-clipboard-access(17376)
链接:http://xforce.iss.net/xforce/xfdb/17376

来源: www.mozilla.org
链接:http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

来源: GENTOO
名称: GLSA-200409-26
链接:http://security.gentoo.org/glsa/glsa-200409-26.xml

来源: SECUNIA
名称: 12526
链接:http://secunia.com/advisories/12526

来源: OVAL
名称: oval:org.mitre.oval:def:9745
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9745

来源: HP
名称: SSRT4826
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109698896104418&w=2