Mozilla Firefox/SeaMonkey 任意代码执行漏洞

漏洞信息详情

Mozilla Firefox/SeaMonkey 任意代码执行漏洞

• CNNVD编号：CNNVD-200604-225
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2006-1725
  
• 漏洞类型：
  
  
  权限许可和访问控制
  
• 发布时间：
  
  2006-04-14
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-28
  
• 厂        商：
  
  mozilla
• 漏洞来源：
  TippingPoint http:…

Mozilla Suite/Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。

Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 XUL内容窗口与Firefox 1.5中新的faster history机制交互可能导致这些窗口变得半透明。攻击者可以利用这个漏洞诱骗用户与无法看到的窗口UI交互，导致执行任意代码。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Sun Solaris 10.0

Sun 119115-21

http://sunsolve.sun.com/

Sun Solaris 8

Sun 120671-03

http://sunsolve.sun.com/patches/

HP HP-UX B.11.23

HP Firefox v2.0.0.4

http://www.hp.com/products1/unix/java/firefox/downloads/license_firefo x_2-0-0-4.html

HP thunderbird_1.5.0.9_ia.depot.gz

For HP-UX B.11.23 and B.11.31 (IA)

http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html

HP thunderbird_1.5.0.9_pa.depot.gz

For HP-UX B.11.11, B.11.23, and B.11.31 (PA)

http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html

HP HP-UX B.11.11

HP Firefox v2.0.0.4

http://www.hp.com/products1/unix/java/firefox/downloads/license_firefo x_2-0-0-4.html

HP thunderbird_1.5.0.9_pa.depot.gz

For HP-UX B.11.11, B.11.23, and B.11.31 (PA)

http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html

Mozilla Thunderbird 0.8

Fedora Legacy thunderbird-1.0.8-1.1.fc3.4.legacy.i386.rpm

Fedora Core 3:

http://download.fedoralegacy.org/fedora/3/updates/i386/thunderbird-1.0 .8-1.1.fc3.4.legacy.i386.rpm

Fedora Legacy thunderbird-1.0.8-1.1.fc3.4.legacy.x86_64.rpm

Fedora Core 3:

http://download.fedoralegacy.org/fedora/3/updates/x86_64/thunderbird-1 .0.8-1.1.fc3.4.legacy.x86_64.rpm

Mozilla Firefox 1.0.4

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_alpha.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_amd64.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_arm.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_hppa.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_i386.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_ia64.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_m68k.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_mips.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_mips.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_mipsel.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_mipsel.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_powerpc.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_s390.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_s390.deb

Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_sparc.deb

Debian mozilla-firefox-gnome-support_1.0.4-2sarge6_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-gnome-support_1.

来源: MISC

链接:https://bugzilla.mozilla.org/show_bug.cgi?id=327014

来源: BID

名称: 17516

链接:http://www.securityfocus.com/bid/17516

来源: www.mozilla.org

链接:http://www.mozilla.org/security/announce/2006/mfsa2006-29.html

来源: VUPEN

名称: ADV-2006-1356

链接:http://www.frsirt.com/english/advisories/2006/1356

来源: SECUNIA

名称: 19649

链接:http://secunia.com/advisories/19649

来源: SECUNIA

名称: 19631

链接:http://secunia.com/advisories/19631

来源: XF

名称: mozilla-xul-window-spoofing(25827)

链接:http://xforce.iss.net/xforce/xfdb/25827

来源: HP

名称: SSRT061181

链接:http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded

来源: VUPEN

名称: ADV-2008-0083

链接:http://www.frsirt.com/english/advisories/2008/0083

来源: VUPEN

名称: ADV-2006-3748

链接:http://www.frsirt.com/english/advisories/2006/3748

来源: SECUNIA

名称: 22066

链接:http://secunia.com/advisories/22066

来源: US Government Resource: oval:org.mitre.oval:def:1471

名称: oval:org.mitre.oval:def:1471

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1471