Vulnerability card
Vulnerability characteristics
Severity level
CVSS score
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Software vendor
Software name
Mozilla
(2.0.0.11)
SeaMonkey
(1.0 Alpha, 1.0 Beta)
Thunderbird
(1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.5 Beta, 1.0.6, 1.0.7, 1.0.8, 1.1, 1.5, 1.5 Beta 2, 1.5.0.1, 1.5.0.2)
Description
Mozilla Firefox, Mozilla Suite and SeaMonkey allow remote attackers to read arbitrary files by inserting the relevant file name into a text field and then using that field as a file upload field, or by changing the type of an input field that is associated with an event handler.
How to fix
To eliminate the vulnerability, install the latest version of the product for the platform in use. The necessary information is available at:
http://www.mozilla.org/
References
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
REDHAT (RHSA-2006:0328): http://www.redhat.com/support/errata/RHSA-2006-0328.html
BID (17516): http://www.securityfocus.com/bid/17516
FRSIRT (ADV-2006-1356): http://www.frsirt.com/english/advisories/2006/1356
DEBIAN (DSA-1044): http://www.debian.org/security/2006/dsa-1044
GENTOO (GLSA-200604-12): http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
MANDRIVA (MDKSA-2006:075): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:075
MANDRIVA (MDKSA-2006:076): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:076
DEBIAN (DSA-1046): http://www.debian.org/security/2006/dsa-1046
GENTOO (GLSA-200604-18): http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
UBUNTU (USN-275-1): http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
SGI (20060404-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
DEBIAN (DSA-1051): http://www.debian.org/security/2006/dsa-1051
FEDORA (FEDORA-2006-410): http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
FEDORA (FEDORA-2006-411): http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
SUSE (SUSE-SA:2006:021): http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
UBUNTU (USN-271-1): http://www.ubuntulinux.org/support/documentation/usn/usn-271-1
REDHAT (RHSA-2006:0329): http://www.redhat.com/support/errata/RHSA-2006-0329.html
FEDORA (FLSA:189137-1): http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
FEDORA (FLSA:189137-2): http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded
SUSE (SUSE-SA:2006:035): http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
SCO (SCOSA-2006.26): ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
SUNALERT (102550): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
FRSIRT (ADV-2006-3391): http://www.frsirt.com/english/advisories/2006/3391
HP (HPSBUX02153): http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
OVAL (oval:org.mitre.oval:def:1929): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1929
XF (mozilla-textbox-file-access(25823)): http://xforce.iss.net/xforce/xfdb/25823