Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
Mozilla
(2.0.0.11)
SeaMonkey
(1.0 Alpha, 1.0 Beta)
Thunderbird
(1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.5 Beta, 1.0.6, 1.0.7, 1.0.8, 1.1, 1.5, 1.5 Beta 2, 1.5.0.1, 1.5.0.2)
Описание
Уязвимость в Mozilla Firefox, Thunderbird, Mozilla Suite и SeaMonkey позволяет злоумышленникам, действующим удаленно, выполнять произвольный код по векторам, связанным с использованием метода crypto.generateCRMFRequest.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.mozilla.org/
http://www.mozilla.org/
Ссылки
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html
REDHAT (RHSA-2006:0328): http://www.redhat.com/support/errata/RHSA-2006-0328.html
CERT-VN (VU#932734): http://www.kb.cert.org/vuls/id/932734
BID (17516): http://www.securityfocus.com/bid/17516
FRSIRT (ADV-2006-1356): http://www.frsirt.com/english/advisories/2006/1356
SECTRACK (1015922): http://securitytracker.com/id?1015922
SECTRACK (1015923): http://securitytracker.com/id?1015923
SECTRACK (1015924): http://securitytracker.com/id?1015924
SECTRACK (1015925): http://securitytracker.com/id?1015925
CERT (TA06-107A): http://www.us-cert.gov/cas/techalerts/TA06-107A.html
DEBIAN (DSA-1044): http://www.debian.org/security/2006/dsa-1044
GENTOO (GLSA-200604-12): http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
MANDRIVA (MDKSA-2006:075): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:075
MANDRIVA (MDKSA-2006:076): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:076
MANDRIVA (MDKSA-2006:078): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:078
DEBIAN (DSA-1046): http://www.debian.org/security/2006/dsa-1046
GENTOO (GLSA-200604-18): http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
UBUNTU (USN-275-1): http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
SGI (20060404-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
SUSE (SUSE-SA:2006:022): http://www.novell.com/linux/security/advisories/2006_04_25.html
DEBIAN (DSA-1051): http://www.debian.org/security/2006/dsa-1051
UBUNTU (USN-276-1): http://www.ubuntulinux.org/support/documentation/usn/usn-276-1
FEDORA (FEDORA-2006-410): http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
FEDORA (FEDORA-2006-411): http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
SUSE (SUSE-SA:2006:021): http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
UBUNTU (USN-271-1): http://www.ubuntulinux.org/support/documentation/usn/usn-271-1
GENTOO (GLSA-200605-09): http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HP (HPSBTU02118): http://www.securityfocus.com/archive/1/archive/1/434524/100/0/threaded
REDHAT (RHSA-2006:0329): http://www.redhat.com/support/errata/RHSA-2006-0329.html
REDHAT (RHSA-2006:0330): http://www.redhat.com/support/errata/RHSA-2006-0330.html
FEDORA (FLSA:189137-1): http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
FEDORA (FLSA:189137-2): http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded
HP (HPSBUX02122): http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
SCO (SCOSA-2006.26): ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
SUNALERT (102550): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
FRSIRT (ADV-2006-3391): http://www.frsirt.com/english/advisories/2006/3391
HP (HPSBUX02153): http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
HP (HPSBUX02156): http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
OVAL (oval:org.mitre.oval:def:1698): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1698
SUNALERT (102763): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
FRSIRT (ADV-2007-0058): http://www.frsirt.com/english/advisories/2007/0058
XF (mozilla-generatecrmfrequest-code-execution(25812)): http://xforce.iss.net/xforce/xfdb/25812
REDHAT (RHSA-2006:0328): http://www.redhat.com/support/errata/RHSA-2006-0328.html
CERT-VN (VU#932734): http://www.kb.cert.org/vuls/id/932734
BID (17516): http://www.securityfocus.com/bid/17516
FRSIRT (ADV-2006-1356): http://www.frsirt.com/english/advisories/2006/1356
SECTRACK (1015922): http://securitytracker.com/id?1015922
SECTRACK (1015923): http://securitytracker.com/id?1015923
SECTRACK (1015924): http://securitytracker.com/id?1015924
SECTRACK (1015925): http://securitytracker.com/id?1015925
CERT (TA06-107A): http://www.us-cert.gov/cas/techalerts/TA06-107A.html
DEBIAN (DSA-1044): http://www.debian.org/security/2006/dsa-1044
GENTOO (GLSA-200604-12): http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
MANDRIVA (MDKSA-2006:075): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:075
MANDRIVA (MDKSA-2006:076): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:076
MANDRIVA (MDKSA-2006:078): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:078
DEBIAN (DSA-1046): http://www.debian.org/security/2006/dsa-1046
GENTOO (GLSA-200604-18): http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
UBUNTU (USN-275-1): http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
SGI (20060404-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
SUSE (SUSE-SA:2006:022): http://www.novell.com/linux/security/advisories/2006_04_25.html
DEBIAN (DSA-1051): http://www.debian.org/security/2006/dsa-1051
UBUNTU (USN-276-1): http://www.ubuntulinux.org/support/documentation/usn/usn-276-1
FEDORA (FEDORA-2006-410): http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
FEDORA (FEDORA-2006-411): http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
SUSE (SUSE-SA:2006:021): http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
UBUNTU (USN-271-1): http://www.ubuntulinux.org/support/documentation/usn/usn-271-1
GENTOO (GLSA-200605-09): http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HP (HPSBTU02118): http://www.securityfocus.com/archive/1/archive/1/434524/100/0/threaded
REDHAT (RHSA-2006:0329): http://www.redhat.com/support/errata/RHSA-2006-0329.html
REDHAT (RHSA-2006:0330): http://www.redhat.com/support/errata/RHSA-2006-0330.html
FEDORA (FLSA:189137-1): http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
FEDORA (FLSA:189137-2): http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded
HP (HPSBUX02122): http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
SCO (SCOSA-2006.26): ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
SUNALERT (102550): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
FRSIRT (ADV-2006-3391): http://www.frsirt.com/english/advisories/2006/3391
HP (HPSBUX02153): http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
HP (HPSBUX02156): http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
OVAL (oval:org.mitre.oval:def:1698): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1698
SUNALERT (102763): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
FRSIRT (ADV-2007-0058): http://www.frsirt.com/english/advisories/2007/0058
XF (mozilla-generatecrmfrequest-code-execution(25812)): http://xforce.iss.net/xforce/xfdb/25812