Vulnerability card
Vulnerability characteristics
Severity level
CVSS score
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Software vendor
Software name
Mozilla
(2.0.0.11)
SeaMonkey
(1.0 Alpha, 1.0 Beta)
Thunderbird
(1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.5 Beta, 1.0.6, 1.0.7, 1.0.8, 1.1, 1.5, 1.5 Beta 2, 1.5.0.1, 1.5.0.2)
Description
Mozilla Firefox, Mozilla Thunderbird, Mozilla Suite and SeaMonkey allow remote attackers to execute arbitrary code via an incorrect relative ordering of table tags, which leads to the use of negative array index values.
How to fix
To remediate the vulnerability, install the latest version of the product for the platform in use. The necessary information is available at:
http://www.mozilla.org/
As a temporary workaround, disabling JavaScript support is recommended.
References
BID (17516): http://www.securityfocus.com/bid/17516
FRSIRT (ADV-2006-1356): http://www.frsirt.com/english/advisories/2006/1356
BUGTRAQ (20060426 ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability): http://www.securityfocus.com/archive/1/archive/1/432103/100/0/threaded
DEBIAN (DSA-1044): http://www.debian.org/security/2006/dsa-1044
GENTOO (GLSA-200604-12): http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
MANDRIVA (MDKSA-2006:075): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:075
MANDRIVA (MDKSA-2006:076): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:076
MANDRIVA (MDKSA-2006:078): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:078
DEBIAN (DSA-1046): http://www.debian.org/security/2006/dsa-1046
GENTOO (GLSA-200604-18): http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
UBUNTU (USN-275-1): http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
SGI (20060404-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
SUSE (SUSE-SA:2006:022): http://www.novell.com/linux/security/advisories/2006_04_25.html
DEBIAN (DSA-1051): http://www.debian.org/security/2006/dsa-1051
UBUNTU (USN-276-1): http://www.ubuntulinux.org/support/documentation/usn/usn-276-1
GENTOO (GLSA-200605-09): http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
REDHAT (RHSA-2006:0329): http://www.redhat.com/support/errata/RHSA-2006-0329.html
REDHAT (RHSA-2006:0330): http://www.redhat.com/support/errata/RHSA-2006-0330.html
FEDORA (FLSA:189137-1): http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
FEDORA (FLSA:189137-2): http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded
HP (HPSBUX02122): http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
SCO (SCOSA-2006.26): ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
SUNALERT (102550): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
FRSIRT (ADV-2006-3391): http://www.frsirt.com/english/advisories/2006/3391
HP (HPSBUX02153): http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
HP (HPSBUX02156): http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
OVAL (oval:org.mitre.oval:def:1189): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1189
XF (mozilla-table-rebuilding-code-execution(25985)): http://xforce.iss.net/xforce/xfdb/25985