Vulnerability Bulletins |
Múltiples vulnerabilidades en Mozilla Firefox |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Confidencialidad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
Firefox < 3.6.4 Firefox < 3.5.10 Thunderbird < 3.0.5 SeaMonkey < 2.0.5 Xulrunner |
Description |
|
|
Se han encontrado múltiples vulnerabilidades en Mozilla Firefox. Las vulnerabilidades son descritas a continuación: - CVE-2008-5913: La vulnerabilidad reside en un error en la función "Math.random()". Un atacante remoto podría identificar la sesión del navegador y asi realizar un seguimiento del usuario a través de los sitios web. - CVE-2010-1125: La vulnerabilidad reside en un error de la implementación Javascript de Firefox 3.x. Un atacante remoto podría robar información sensible, como nombres de usuario y contraseñas, mediante el envío de los datos de entrada de un formulario a otro oculto. - CVE-2010-1196: Se ha descubierto una vulnerabilidad de tipo desbordamiento de entero. La vulnerabilidad reside en un error en "nsGenericDOMDataNode::SetTextInternal". Un atacante remoto podría ejecutar código arbitrario con permisos del usuario mediante la manipulación especial de código HTML. - CVE-2010-1202: La vulnerabilidad reside en un error en el procesamiento de contenido web. Un atacante remoto podría ejecutar código arbitrario con permisos del usuario mediante la manipulación especial de código HTML. - CVE-2010-1203: La vulnerabilidad reside en un error en el procesamiento de contenido web. Un atacante remoto podría ejecutar código arbitrario con permisos del usuario mediante la manipulación especial de código HTML. |
|
Solution |
|
|
Actualización de software Red Hat (RHSA-2010:0500-1) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux Desktop (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Red Hat (RHSA-2010:0501-1) RHEL Desktop Workstation (v. 5 cliente) Red Hat Enterprise Linux (v. 5 servidor) Red Hat Enterprise Linux Desktop (v. 5 cliente) https://rhn.redhat.com/ Mozilla Firefox 3.6.4 Firefox 3.5.10 http://www.mozilla.org/products/firefox/ Thunderbird 3.0.5 http://www.mozilla.org/products/thunderbird/ SeaMonkey 2.0.5 http://www.seamonkey-project.org/ Debian (DSA 2064-1) Debian Linux 5.0 Source http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-2.dsc http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-2.diff.gz independent packages: http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-2_all.deb alpha (DEC Alpha) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_amd64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_amd64.deb arm (ARM) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_arm.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_arm.deb armel (ARM EABI) http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_armel.deb hppa (HP PA RISC) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_hppa.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_i386.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_i386.deb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_ia64.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_ia64.deb mips (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_mips.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_mips.deb mipsel (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_mipsel.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_mipsel.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_powerpc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_powerpc.deb s390 (IBM S/390) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_s390.deb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_sparc.deb Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2008-5913 CVE-2010-1125 CVE-2010-1196 CVE-2010-1202 CVE-2010-1203 |
| BID | 33276 |
Other resources |
|
|
Red Hat Security Advisory (RHSA-2010:0500-1) https://rhn.redhat.com/errata/RHSA-2010-0500.html Red Hat Security Advisory (RHSA-2010:0501-1) https://rhn.redhat.com/errata/RHSA-2010-0501.html Mozilla Foundation Security Advisory (2010-26) http://www.mozilla.org/security/announce/2010/mfsa2010-26.html Mozilla Foundation Security Advisory (2010-29) http://www.mozilla.org/security/announce/2010/mfsa2010-29.html Mozilla Foundation Security Advisory (2010-31) http://www.mozilla.org/security/announce/2010/mfsa2010-31.html Mozilla Foundation Security Advisory (2010-33) http://www.mozilla.org/security/announce/2010/mfsa2010-33.html Debian Security Advisory (DSA 2064-1) http://lists.debian.org/debian-security-announce/2010/msg00108.html SUSE Security Advisory (SUSE-SA:2010:030) http://www.novell.com/linux/security/advisories/2010_30_firefox.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido, aviso emitido por Red Hat (RHSA-2010:0501-1), aviso emitido por Mozilla (2010-26),(2010-29),(2010-31),(2010-33) | 2010-06-23 |
| 1.1 | Aviso emitido por Debian (DSA 2064-1) | 2010-06-28 |
| 1.2 | Aviso emitido por Suse (SUSE-SA:2010:030) | 2010-07-26 |