Vulnerability Bulletins |
Cross-site-scripting en Firefox |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
RHEL Desktop Workstation (v. 5 cliente) - i386, x86_64 Red Hat Enterprise Linux (v. 5 servidor) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS v 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 cliente) - i386, x86_64 Red Hat Enterprise Linux Desktop v 4 - i386, x86_64 Red Hat Enterprise Linux ES v 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS v 4 - i386, ia64, x86_64 Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonkey 2.0.9 |
Description |
|
|
Se han descubierto múltiples vulnerabilidades. Las vulnerabilidades son descritas a continuación: CVE-2010-3173: La vulnerabilidad en la implementación del modo SSL "DHE". Un atacante remoto puede romper las claves mediante la manipulación especial de un modem. CVE-2010-3175: La vulnerabilidad en el procesamiento de contenido web malformado. Un atacante remoto puede ejecutar código arbitrario mediante páginas web especialmente modificadas. CVE-2010-3170: La vulnerabilidad reside en el modo "NSS" unido a los certificados SSL. Un atacante remoto puede realizar un ataque man-in-the-middle mediante el malintencionado del modo "NSS". CVE-2010-3176: La vulnerabilidad en el procesamiento de contenido web malformado. Un atacante remoto puede ejecutar código arbitrario mediante páginas web especialmente modificadas. CVE-2010-3177: La vulnerabilidad en el parseador "Gopher" en Firefox". Un atacante remoto puede ejecutar scripts Java aleatorios mediante nombres de archivos especialmente malformados. CVE-2010-3178: La vulnerabilidad reside en la políticas de Firefox. Un atacante remoto puede sobar datos privados mediante páginas web especialmente modificadas. CVE-2010-3179: La vulnerabilidad reside en el procesamiento de contenido web malformado. Un atacante remoto puede ejecutar código arbitrario mediante páginas web especialmente modificadas. CVE-2010-3180: La vulnerabilidad en el procesamiento de contenido web malformado. Un atacante remoto puede ejecutar código arbitrario mediante páginas web especialmente modificadas. CVE-2010-3182: La vulnerabilidad reside en los scripts lanzados por Firefox. Un atacante local puede ejecutar código arbitrario mediante la ejecución de Firefox en un directorio especialmente manipulado, CVE-2010-3183: La vulnerabilidad en el procesamiento de contenido web malformado. Un atacante remoto puede ejecutar código arbitrario mediante páginas web especialmente modificadas. |
|
Solution |
|
|
Actualización de software Red Hat (RHSA-2010:0782-01) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux Desktop (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) Red Hat Enterprise Linux Desktop (v. 5 cliente) https://rhn.redhat.com/ Mozilla Firefox 3.6.11 Firefox 3.5.14 Firefox 3.0.18 http://www.mozilla.org/products/firefox/ Thunderbird 3.1.15 Thunderbird 3.0.9 http://www.mozilla.org/products/thunderbird/ SeaMonkey 2.0.9 http://www.seamonkey-project.org/ Debian (DSA 2124-1) Debian Linux 5.0 Source archives: http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-6.dsc http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-6.diff.gz Architecture independent packages: http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-6_all.deb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_alpha.deb amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_amd64.deb arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_arm.deb armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_armel.deb i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_i386.deb ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_ia64.deb mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_mips.deb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_mipsel.deb powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_powerpc.deb s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_s390.deb sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_sparc.deb Red Hat (RHSA-2010:0861-2) Red Hat Enterprise Linux Desktop v.6 Red Hat Enterprise Linux Desktop Opcional v.6 Red Hat Enterprise Linux HPC Node v.6 Red Hat Enterprise Linux HPC Node Opcional v.6 Red Hat Enterprise Linux HPC Node v.6 Red Hat Enterprise Linux Servidor v.6 Red Hat Enterprise Linux Servidor Opcional v.6 Red Hat Enterprise Linux Workstation v.6 Red Hat Enterprise Linux Workstation Opcional v.6 https://rhn.redhat.com/ Red Hat (RHSA-2010:0862-2) Red Hat Enterprise Linux Desktop v.6 Red Hat Enterprise Linux Desktop Opcional v.6 Red Hat Enterprise Linux HPC Node v.6 Red Hat Enterprise Linux HPC Node Opcional v.6 Red Hat Enterprise Linux HPC Node v.6 Red Hat Enterprise Linux Servidor v.6 Red Hat Enterprise Linux Servidor Opcional v.6 Red Hat Enterprise Linux Workstation v.6 Red Hat Enterprise Linux Workstation Opcional v.6 https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2010-3170 CVE-2010-3173 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 |
| BID | |
Other resources |
|
|
Red Hat Security Advisory (RHSA-2010:0782-01) https://rhn.redhat.com/errata/RHSA-2010-0782.html Mozilla Foundation Security Advisory (2010-72) http://www.mozilla.org/security/announce/2009/mfsa2010-72.html Mozilla Foundation Security Advisory (2010-67) http://www.mozilla.org/security/announce/2009/mfsa2010-67.html Mozilla Foundation Security Advisory (2010-66) http://www.mozilla.org/security/announce/2009/mfsa2010-66.html Mozilla Foundation Security Advisory (2010-65) http://www.mozilla.org/security/announce/2009/mfsa2010-65.html Mozilla Foundation Security Advisory (2010-64) http://www.mozilla.org/security/announce/2009/mfsa2010-64.html Debian Security Advisory (DSA-2123-1) http://lists.debian.org/debian-security-announce/2010/msg00173.html Debian Security Advisory (DSA 2124-1) http://lists.debian.org/debian-security-announce/2010/msg00174.html Red Hat Security Advisory (RHSA- 2010:0861-02) https://rhn.redhat.com/errata/RHSA-2010-0861.html Red Hat Security Advisory (RHSA- 2010:0862-02) https://rhn.redhat.com/errata/RHSA-2010-0862.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2010-10-20 |
| 1.1 | Aviso emitido por Mozilla | 2010-10-28 |
| 1.2 | Aviso emitido por Debian (DSA-2123-1) | 2010-11-02 |
| 1.3 | Aviso emitido por Debian (DSA 2124-1) | 2010-11-05 |
| 1.4 | Aviso actualizado por Red Hat (2010:0861-02) | 2010-11-11 |
| 1.5 | Aviso emitido por Red Hat (2010:0862-02) | 2010-11-11 |