Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Производитель ПО
Наименование ПО
Описание
Дочерние фреймы в Mozilla Firefox и SeaMonkey наследуют стандартные параметры кодировки от родительского окна, что позволяет злоумышленникам, действующим удаленно, производить атаки межсайтового выполнения сценариев, в частности - с использованием кодировки UTF-7.
Как исправить
Установите обновление:
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
Ссылки
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.hardened-php.net/advisory_032007.142.html
REDHAT (RHSA-2007:0079): http://www.redhat.com/support/errata/RHSA-2007-0079.html
BUGTRAQ (20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability): http://www.securityfocus.com/archive/1/archive/1/461076/100/0/threaded
BUGTRAQ (20070226 rPSA-2007-0040-1 firefox): http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded
https://issues.rpath.com/browse/RPL-1103
FEDORA (FEDORA-2007-281): http://fedoranews.org/cms/node/2713
FEDORA (FEDORA-2007-293): http://fedoranews.org/cms/node/2728
MANDRIVA (MDKSA-2007:050): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:050
REDHAT (RHSA-2007:0077): http://rhn.redhat.com/errata/RHSA-2007-0077.html
REDHAT (RHSA-2007:0078): http://www.redhat.com/support/errata/RHSA-2007-0078.html
REDHAT (RHSA-2007:0097): http://www.redhat.com/support/errata/RHSA-2007-0097.html
REDHAT (RHSA-2007:0108): http://www.redhat.com/support/errata/RHSA-2007-0108.html
SUSE (SUSE-SA:2007:019): http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
UBUNTU (USN-428-1): http://www.ubuntu.com/usn/usn-428-1
BID (22694): http://www.securityfocus.com/bid/22694
FRSIRT (ADV-2007-0718): http://www.frsirt.com/english/advisories/2007/0718
SECTRACK (1017702): http://www.securitytracker.com/id?1017702
SGI (20070301-01-P): ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://www.hardened-php.net/advisory_032007.142.html
REDHAT (RHSA-2007:0079): http://www.redhat.com/support/errata/RHSA-2007-0079.html
BUGTRAQ (20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability): http://www.securityfocus.com/archive/1/archive/1/461076/100/0/threaded
BUGTRAQ (20070226 rPSA-2007-0040-1 firefox): http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded
https://issues.rpath.com/browse/RPL-1103
FEDORA (FEDORA-2007-281): http://fedoranews.org/cms/node/2713
FEDORA (FEDORA-2007-293): http://fedoranews.org/cms/node/2728
MANDRIVA (MDKSA-2007:050): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:050
REDHAT (RHSA-2007:0077): http://rhn.redhat.com/errata/RHSA-2007-0077.html
REDHAT (RHSA-2007:0078): http://www.redhat.com/support/errata/RHSA-2007-0078.html
REDHAT (RHSA-2007:0097): http://www.redhat.com/support/errata/RHSA-2007-0097.html
REDHAT (RHSA-2007:0108): http://www.redhat.com/support/errata/RHSA-2007-0108.html
SUSE (SUSE-SA:2007:019): http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
UBUNTU (USN-428-1): http://www.ubuntu.com/usn/usn-428-1
BID (22694): http://www.securityfocus.com/bid/22694
FRSIRT (ADV-2007-0718): http://www.frsirt.com/english/advisories/2007/0718
SECTRACK (1017702): http://www.securitytracker.com/id?1017702
SGI (20070301-01-P): ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc