Vulnerability card
Vulnerability characteristics
Severity level
CVSS score
(AV:L/AC:H/Au:N/C:P/I:P/A:P)
Software vendor
Software name
Mozilla
(2.0.0.11)
Firefox
(2.0.0.2)
SeaMonkey
(1.0, 1.0 Alpha, 1.0 Beta, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8)
Thunderbird
(1.5 Beta 2, 1.5.0.10)
devhelp
(Unknown)
firefox
(Unknown)
seamonkey
(Unknown)
thunderbird
(Unknown)
Description
Vulnerabilities in the layout engine of Mozilla Firefox, Thunderbird, and SeaMonkey allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain attack vectors.
How to fix
To eliminate the vulnerability, install the latest version of the product for the platform in use. The necessary information is available at:
http://www.mozilla.org/
References
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
BUGTRAQ (20070226 rPSA-2007-0040-1 firefox): http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded
BUGTRAQ (20070303 rPSA-2007-0040-3 firefox thunderbird): http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
FEDORA (FEDORA-2007-281): http://fedoranews.org/cms/node/2713
FEDORA (FEDORA-2007-293): http://fedoranews.org/cms/node/2728
GENTOO (GLSA-200703-04): http://security.gentoo.org/glsa/glsa-200703-04.xml
GENTOO (GLSA-200703-08): http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
GENTOO (GLSA-200703-18): http://security.gentoo.org/glsa/glsa-200703-18.xml
MANDRIVA (MDKSA-2007:050): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:050
MANDRIVA (MDKSA-2007:052): http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
REDHAT (RHSA-2007:0079): http://www.redhat.com/support/errata/RHSA-2007-0079.html
REDHAT (RHSA-2007:0077): http://rhn.redhat.com/errata/RHSA-2007-0077.html
REDHAT (RHSA-2007:0078): http://www.redhat.com/support/errata/RHSA-2007-0078.html
REDHAT (RHSA-2007:0097): http://www.redhat.com/support/errata/RHSA-2007-0097.html
REDHAT (RHSA-2007:0108): http://www.redhat.com/support/errata/RHSA-2007-0108.html
SUSE (SUSE-SA:2007:019): http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
UBUNTU (USN-428-1): http://www.ubuntu.com/usn/usn-428-1
UBUNTU (USN-431-1): http://www.ubuntu.com/usn/usn-431-1
CERT-VN (VU#761756): http://www.kb.cert.org/vuls/id/761756
BID (22694): http://www.securityfocus.com/bid/22694
FRSIRT (ADV-2007-0719): http://www.frsirt.com/english/advisories/2007/0719
FRSIRT (ADV-2007-0718): http://www.frsirt.com/english/advisories/2007/0718
SECTRACK (1017698): http://www.securitytracker.com/id?1017698
XF (mozilla-multiple-layout-code-execution(32704)): http://xforce.iss.net/xforce/xfdb/32704
SGI (20070301-01-P): ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc