Vulnerability Bulletins |
Cross-site scripting en Mozilla Firefox |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
Mozilla Firefox <1.0.1 Mozilla Suite <1.7.6 |
Description |
|
|
Se ha descubierto una vulnerabilidad de cross-site scripting en las versiones anteriores a la 1.0.1 de Mozilla Firefox. La vulnerabilidad reside en la funcionalidad que permite arrastrar y soltar enlaces en una pestaña para que sean abiertos. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante el uso de un enlace javascript: o data: especialmente diseñado que la víctima debe arrastrar y soltar en una pestaña de Mozilla. |
|
Solution |
|
|
Actualización de software Mozilla Mozilla Firefox 1.0.1 http://www.mozilla.org/products/firefox/all.html Mozilla Suite 1.7.6 http://www.mozilla.org/products/mozilla1.x/ Red Hat Linux Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ SUSE Linux SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1.0.1-9.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-1.0.1-9.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/MozillaFirefox-1.0.1-9.1.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1.0.1-9.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/MozillaFirefox-1.0.1-9.1.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-1.0.1-9.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/MozillaFirefox-1.0.1-9.1.src.rpm SUSE Linux 9.0 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/MozillaFirebird-1.0.1-2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/MozillaFirebird-1.0.1-2.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/MozillaFirebird-1.0.1-2.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/MozillaFirebird-1.0.1-2.src.rpm Red Hat Linux (Mozilla) Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2005-0231 |
| BID | |
Other resources |
|
|
Mozilla Foundation Security Advisory 2005-26 http://www.mozilla.org/security/announce/mfsa2005-26.html Red Hat Security Advisory RHSA-2005:176-11 https://rhn.redhat.com/errata/RHSA-2005-176.html SUSE Security Announcement SUSE-SA:2005:016 http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html Red Hat Security Advisory RHSA-2005:384-11 https://rhn.redhat.com/errata/RHSA-2005-384.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-02-28 |
| 1.1 | Aviso emitido por Red Hat (RHSA-2005:176-11). CAN añadido. | 2005-03-02 |
| 1.2 | Aviso emitido por SUSE (SUSE-SA:2005:016) | 2005-03-17 |
| 1.3 | Mozilla Suite 1.7.6 publicado | 2005-03-24 |
| 1.4 | Aviso emitido por Red Hat (RHSA-2005:384-11) | 2005-04-29 |