Mozilla Seamonkey/Firefox designMode框架图像 拒绝服务攻击漏洞

漏洞信息详情

Mozilla Seamonkey/Firefox designMode框架图像 拒绝服务攻击漏洞

• CNNVD编号：CNNVD-200802-137
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2008-0419
  
• 漏洞类型：
  
  
  资源管理错误
  
• 发布时间：
  
  2007-06-04
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2008-11-15
  
• 厂        商：
  
  mozilla
• 漏洞来源：
  Igor Bukanov
  Marti…

Firefox/Thunderbird/Mozilla SeaMonkey是美国Mozilla基金会开发的一个免费、开源以及跨平台的网络套装软件。
FMozilla Firefox浏览器引擎 2.0.0.12之前版本，SeaMonkey 1.1.8 之前版本，允许远程攻击者通过网页使用designMode框架中的图像，窃取导航历史记录和造成拒绝服务攻击，这将触发内存破坏。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：
http://www.debian.org/secURIty/2008/dsa-1506
https://www.redhat.com/support/errata/RHSA-2008-0104.html

来源: US-CERT
名称: VU#879056
链接:http://www.kb.cert.org/vuls/id/879056

来源: FEDORA
名称: FEDORA-2008-2118
链接:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html

来源: FEDORA
名称: FEDORA-2008-2060
链接:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

来源: FEDORA
名称: FEDORA-2008-1535
链接:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html

来源: FEDORA
名称: FEDORA-2008-1459
链接:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

来源: FEDORA
名称: FEDORA-2008-1435
链接:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-1995

来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=400556

来源: UBUNTU
名称: USN-576-1
链接:http://www.ubuntu.com/usn/usn-576-1

来源: SECTRACK
名称: 1019328
链接:http://www.securitytracker.com/id?1019328

来源: BID
名称: 27683
链接:http://www.securityfocus.com/bid/27683

来源: BUGTRAQ
名称: 20080229 rPSA-2008-0093-1 thunderbird
链接:http://www.securityfocus.com/archive/1/archive/1/488971/100/0/threaded

来源: BUGTRAQ
名称: 20080212 FLEA-2008-0001-1 firefox
链接:http://www.securityfocus.com/archive/1/archive/1/488002/100/0/threaded

来源: BUGTRAQ
名称: 20080209 rPSA-2008-0051-1 firefox
链接:http://www.securityfocus.com/archive/1/archive/1/487826/100/0/threaded

来源: REDHAT
名称: RHSA-2008:0105
链接:http://www.redhat.com/support/errata/RHSA-2008-0105.html

来源: REDHAT
名称: RHSA-2008:0104
链接:http://www.redhat.com/support/errata/RHSA-2008-0104.html

来源: REDHAT
名称: RHSA-2008:0103
链接:http://www.redhat.com/support/errata/RHSA-2008-0103.html

来源: www.mozilla.org
链接:http://www.mozilla.org/security/announce/2008/mfsa2008-06.html

来源: MANDRIVA
名称: MDVSA-2008:048
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:048

来源: GENTOO
名称: GLSA-200805-18
链接:http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

来源: VUPEN
名称: ADV-2008-1793
链接:http://www.frsirt.com/english/advisories/2008/1793/references

来源: VUPEN
名称: ADV-2008-0627
链接:http://www.frsirt.com/english/advisories/2008/0627/references

来源: VUPEN
名称: ADV-2008-0453
链接:http://www.frsirt.com/english/advisories/2008/0453/references

来源: DEBIAN
名称: DSA-1506
链接:http://www.debian.org/security/2008/dsa-1506

来源: DEBIAN
名称: DSA-1489
链接:http://www.debian.org/security/2008/dsa-1489

来源: DEBIAN
名称: DSA-1485
链接:http://www.debian.org/security/2008/dsa-1485

来源: DEBIAN
名称: DSA-1484
链接:http://www.debian.org/security/2008/dsa-1484

来源: wiki.rpath.com
链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

来源: wiki.rpath.com
链接:http://wiki.rpath.com/Advisories:rPSA-2008-0093

来源: wiki.rpath.com
链接:http://wiki.rpath.com/Advisories:rPSA-2008-0051

来源: SUNALERT
名称: 238492
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

来源: SECUNIA
名称: 30620
链接:http://secunia.com/advisories/30620

来源: SECUNIA
名称: 29167
链接:http://secunia.com/advisories/29167

来源: SECUNIA
名称: 29164
链接:http://secunia.com/advisories/29164

来源: SECUNIA
名称: 29086
链接:http://secunia.com/advisories/29086

来源: SECUNIA
名称: 29049
链接:http://secunia.com/advisories/29049

来源: SECUNIA
名称: 28958
链接:http://secunia.com/advisories/28958

来源: SECUNIA
名称: 28939
链接:http://secunia.com/advisories/28939

来源: SECUNIA
名称: 28924
链接:http://secunia.com/advisories/28924

来源: SECUNIA
名称: 28879
链接:http://secunia.com/advisories/28879

来源: SECUNIA
名称: 28877
链接:http://secunia.com/advisories/28877

来源: SECUNIA
名称: 28865
链接:http://secunia.com/advisories/28865

来源: SECUNIA
名称: 28864
链接:http://secunia.com/advisories/28864

来源: SECUNIA
名称: 28839
链接:http://secunia.com/advisories/28839

来源: SECUNIA
名称: 28818
链接:http://secunia.com/advisories/28818

来源: SECUNIA
名称: 28815
链接:http://secunia.com/advisories/28815

来源: SECUNIA
名称: 28808
链接:http://secunia.com/advisories/28808

来源: SECUNIA
名称: 28766
链接:http://secunia.com/advisories/28766

来源: SECUNIA
名称: 28758
链接:http://secunia.com/advisories/28758

来源: SECUNIA
名称: 28754
链接:http://secunia.com/advisories/28754

来源: SUSE
名称: SUSE-SA:2008:008
链接:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

来源: browser.netscape.com
链接:http://browser.netscape.com/releasenotes/

来源: support.novell.com
链接:http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

来源: SECUNIA
名称: 30327
链接:http://secunia.com/advisories/30327

来源: SECUNIA
名称: 29567
链接:http://secunia.com/advisories/29567