Vulnerability Bulletins |
Mozilla update fixes multiple security issues |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Required attacker level | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software |
Mozilla suite < 1.7.2, Mozilla Firefox < 0.9.3, Mozilla Thunderbird < 0.7.3 |
Description |
|
Several vulnerabilities have been discovered in the Mozilla communications application suite, as well as in its e-mail client (Thunderbird) and its browser (Firefox). One of these vulnerabilities affects web browsing. Under certain circumstances, the padlock icon and the certificate can, after an HTTPS connection, persist when other pages are visited. This could be used to deceive the user into believing that they are still on a legitimate site (with a secure connection, vouched for by a certificate). Note that the address bar, if visible, will show the correct address. In addition, certificates received by e-mail could override the original certificates of the CAs that ship with the program. If this happens, any HTTPS website will fail to validate correctly against the new certificate, so the user will not be able to establish secure connections vouched for by certificates from that CA. |
|
Solution |
|
Software update

Users of Mozilla suite < 1.7.2
Update to Mozilla 1.7.2
http://www.mozilla.org

Users of Mozilla Firefox < 0.9.3
Update to Mozilla Firefox 0.9.3
http://www.mozilla.org

Users of Thunderbird 0.7.3
Update to Thunderbird 0.7.3
http://www.mozilla.org

Mandrakelinux

Mandrakelinux 9.2
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libnspr4-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libnspr4-devel-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libnss3-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libnss3-devel-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-devel-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-dom-inspector-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-enigmail-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-enigmime-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-irc-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-js-debugger-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-mail-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/mozilla-spellchecker-1.4-13.3.92mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/SRPMS/mozilla-1.4-13.3.92mdk.src.rpm

Mandrakelinux 9.2/AMD64
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64nspr4-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64nspr4-devel-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64nss3-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64nss3-devel-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-devel-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-dom-inspector-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-enigmail-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-enigmime-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-irc-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-js-debugger-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-mail-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/mozilla-spellchecker-1.4-13.3.92mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/SRPMS/mozilla-1.4-13.3.92mdk.src.rpm

Mandrakelinux 10.0
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libnspr4-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libnspr4-devel-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libnss3-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libnss3-devel-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-devel-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-dom-inspector-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-enigmail-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-enigmime-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-irc-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-js-debugger-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-mail-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/mozilla-spellchecker-1.6-12.1.100mdk.i586.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/SRPMS/mozilla-1.6-12.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64nspr4-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64nspr4-devel-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64nss3-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64nss3-devel-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-devel-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-dom-inspector-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-enigmail-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-enigmime-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-irc-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-js-debugger-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-mail-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/mozilla-spellchecker-1.6-12.1.100mdk.amd64.rpm
ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/SRPMS/mozilla-1.6-12.1.100mdk.src.rpm

SUSE Linux

SUSE 8.1: Update available through YaST Online Update
SUSE 8.2: Update available through YaST Online Update
SUSE 9.0: Update available through YaST Online Update
SUSE 9.1: Update available through YaST Online Update
SUSE Linux Enterprise Server 8: Update available through YaST Online Update
SUSE Linux Enterprise Server 9: Update available through YaST Online Update
SUSE Linux Desktop 1.0: Update available through YaST Online Update

Sun

Solaris 8
SPARC: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117765-02-1
x86: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117766-02-1

Solaris 9
SPARC: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117767-02-1
x86: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117768-02-1

Sun Java Desktop System
Sun Java Desktop System 2003
Sun Java Desktop System Release 2
http://wwws.sun.com/software/javadesktopsystem/faq.html#5q5
http://wwws.sun.com/software/javadesktopsystem/faq.html#5q7

SCO

OpenServer 5.0.7
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
|
Standard resources |
|
Property | Value |
CVE | CAN-2004-0763, CAN-2004-0758 |
BID | |
Other resources |
|
Mozilla Security Advisories
http://www.mozilla.org/projects/security/known-vulnerabilities.html

Mandrake Security Advisory MDKSA-2004:082
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082

SUSE Security Announcement SUSE-SA:2004:036
http://www.suse.de/de/security/2004_36_mozilla.html

Sun(sm) Alert Notification (57701)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57701-1

SCO Security Advisory (SCOSA-2005.49)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2004-08-06 |
1.1 | Advisory issued by Mandrake (MDKSA-2004:082) | 2004-08-13 |
1.2 | Advisory issued by SUSE (SUSE-SA:2004:036) | 2004-10-07 |
1.3 | Advisory issued by Sun (57701) | 2004-12-16 |
1.4 | Advisory updated by Sun (57701) | 2005-01-28 |
1.5 | Advisory issued by SCO (SCOSA-2005.49) | 2005-11-28 |