Vulnerability card
Vulnerability characteristics
Severity level
CVSS score
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Software vendor
Software name
Mozilla
(2.0.0.11)
SeaMonkey
(1.0 Alpha, 1.0 Beta)
Thunderbird
(1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.5 Beta, 1.0.6, 1.0.7, 1.0.8, 1.1, 1.5, 1.5 Beta 2, 1.5.0.1, 1.5.0.2)
Description
Mozilla Firefox, Thunderbird, Mozilla Suite and SeaMonkey allow remote attackers to escalate their privileges to administrator level via multiple attack vectors involving XBL scripts used with the "Print Preview" feature.
How to fix
To fix the vulnerability, install the latest version of the product for the platform in use. The necessary information is available at:
http://www.mozilla.org/
References
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
REDHAT (RHSA-2006:0328): http://www.redhat.com/support/errata/RHSA-2006-0328.html
BID (17516): http://www.securityfocus.com/bid/17516
FRSIRT (ADV-2006-1356): http://www.frsirt.com/english/advisories/2006/1356
SECTRACK (1015926): http://securitytracker.com/id?1015926
SECTRACK (1015927): http://securitytracker.com/id?1015927
SECTRACK (1015928): http://securitytracker.com/id?1015928
SECTRACK (1015929): http://securitytracker.com/id?1015929
DEBIAN (DSA-1044): http://www.debian.org/security/2006/dsa-1044
GENTOO (GLSA-200604-12): http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
MANDRIVA (MDKSA-2006:076): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:076
MANDRIVA (MDKSA-2006:078): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:078
DEBIAN (DSA-1046): http://www.debian.org/security/2006/dsa-1046
GENTOO (GLSA-200604-18): http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
UBUNTU (USN-275-1): http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
SGI (20060404-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
SUSE (SUSE-SA:2006:022): http://www.novell.com/linux/security/advisories/2006_04_25.html
DEBIAN (DSA-1051): http://www.debian.org/security/2006/dsa-1051
UBUNTU (USN-276-1): http://www.ubuntulinux.org/support/documentation/usn/usn-276-1
FEDORA (FEDORA-2006-410): http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
FEDORA (FEDORA-2006-411): http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
SUSE (SUSE-SA:2006:021): http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
UBUNTU (USN-271-1): http://www.ubuntulinux.org/support/documentation/usn/usn-271-1
GENTOO (GLSA-200605-09): http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
REDHAT (RHSA-2006:0329): http://www.redhat.com/support/errata/RHSA-2006-0329.html
REDHAT (RHSA-2006:0330): http://www.redhat.com/support/errata/RHSA-2006-0330.html
FEDORA (FLSA:189137-1): http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
FEDORA (FLSA:189137-2): http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded
HP (HPSBUX02122): http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
SCO (SCOSA-2006.26): ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
SUNALERT (102550): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
FRSIRT (ADV-2006-3391): http://www.frsirt.com/english/advisories/2006/3391
HP (HPSBUX02153): http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
HP (HPSBUX02156): http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
OVAL (oval:org.mitre.oval:def:1649): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1649
XF (mozilla-printpreview-privilege-escalation(25824)): http://xforce.iss.net/xforce/xfdb/25824