Vulnerabilidad en el Servicio de Búsqueda de Plugins de Mozilla Firefox
|
Vulnerability classification
|
Property |
Value |
Confidence level |
Oficial |
Impact |
Obtener acceso |
Dificulty |
Experto |
Required attacker level |
Acceso remoto sin cuenta a un servicio estandar |
System information
|
Property |
Value |
Affected manufacturer |
GNU/Linux |
Affected software |
Firefox <1.0.3 |
Description
|
Se ha descubierto una vulnerabilidad en las versiones anteriores a la 1.0.3 de Mozilla Firefox. La vulnerabilidad reside en el Servicio de Búsqueda de Plugins, concretamente en el manejo del atributo PLUGINSPACE de la etiqueta EMBED cuando no se ha encontrado el plugin adecuado.
La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código javascript arbitrario mediante el uso de una página Web especialmente diseñada. |
Solution
|
Actualización de software
Mozilla
Firefox 1.0.3
http://www.mozilla.org/products/firefox/all.html
Red Hat Linux (Firefox)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/
SUSE Linux
SUSE Linux 9.3
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.0.3-1.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-translations-1.0.3-1.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9.3-7.1.x86_64.rpm
x86-64
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calendar-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-inspector-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellchecker-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-1.7.5-17.2.src.rpm
SUSE Linux 9.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1.0.3-1.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-calendar-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-devel-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-dom-inspector-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-irc-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-mail-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-spellchecker-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-venkman-1.7.2-17.9.i586.rpm
x86-64
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-1.0.3-1.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-calendar-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-devel-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-dom-inspector-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-irc-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-mail-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-spellchecker-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-venkman-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/MozillaFirefox-1.0.3-1.1.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/mozilla-1.7.2-17.9.src.rpm
SUSE Linux 9.1
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1.0.3-0.5.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/MozillaFirefox-1.0.3-0.5.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-1.0.3-0.5.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/MozillaFirefox-1.0.3-0.5.src.rpm
SUSE Linux 9.0
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/MozillaFirebird-1.0.3-3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/MozillaFirebird-1.0.3-3.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/MozillaFirebird-1.0.3-3.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/MozillaFirebird-1.0.3-3.src.rpm |
Standar resources
|
Property |
Value |
CVE |
CAN-2005-0752 |
BID |
NULL |
Other resources
|
Mozilla Foundation Security Advisory 2005-34
http://www.mozilla.org/security/announce/mfsa2005-34.html
Red Hat Security Advisory RHSA-2005:383-07
https://rhn.redhat.com/errata/RHSA-2005-383.html
SUSE Security Announcement SUSE-SA:2005:028
http://www.novell.com/linux/security/advisories/2005_28_mozilla_firefox.html |
Version history
|
Version |
Comments |
Date |
1.0
|
Aviso emitido
|
2005-04-18
|
1.1
|
Aviso emitido por Red Hat (RHSA-2005:383-07)
|
2005-04-22
|
1.2
|
Aviso emitido por SUSE (SUSE-SA:2005:028)
|
2005-04-28
|