Boletines de Vulnerabilidades |
Ejecución de código arbitrario en Mozilla Firefox |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Obtener acceso |
Dificultad | Principiante |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | GNU/Linux |
Software afectado | Firefox <1.0.3 |
Descripción |
|
Se ha descubierto una vulnerabilidad en las versiones anteriores a la 1.0.3 de Mozilla Firefox. La vulnerabilidad reside en la falta de validaciones de seguridad cuando se abren enlaces en el panel lateral. La explotación de esta vulnerabilidad podría permitir a un atacante remoto abrir una página privilegiada y después inyectar código javascript arbitrario mediante el uso de una url javascript:. |
|
Solución |
|
Actualización de software Mozilla Firefox 1.0.3 http://www.mozilla.org/products/firefox/all.html Red Hat Linux (Firefox) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ SUSE Linux SUSE Linux 9.3 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.0.3-1.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-translations-1.0.3-1.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.7.5-17.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.7.5-17.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.7.5-17.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-1.7.5-17.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.7.5-17.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.7.5-17.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1.7.5-17.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.7.5-17.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9.3-7.1.x86_64.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.7.5-17.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calendar-1.7.5-17.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1.7.5-17.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-inspector-1.7.5-17.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.7.5-17.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1.7.5-17.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellchecker-1.7.5-17.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman-1.7.5-17.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-1.7.5-17.2.src.rpm SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1.0.3-1.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-1.7.2-17.9.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-calendar-1.7.2-17.9.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-devel-1.7.2-17.9.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-dom-inspector-1.7.2-17.9.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-irc-1.7.2-17.9.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-mail-1.7.2-17.9.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-spellchecker-1.7.2-17.9.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-venkman-1.7.2-17.9.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-1.0.3-1.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-1.7.2-17.9.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-calendar-1.7.2-17.9.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-devel-1.7.2-17.9.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-dom-inspector-1.7.2-17.9.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-irc-1.7.2-17.9.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-mail-1.7.2-17.9.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-spellchecker-1.7.2-17.9.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-venkman-1.7.2-17.9.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/MozillaFirefox-1.0.3-1.1.src.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/mozilla-1.7.2-17.9.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1.0.3-0.5.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/MozillaFirefox-1.0.3-0.5.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-1.0.3-0.5.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/MozillaFirefox-1.0.3-0.5.src.rpm SUSE Linux 9.0 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/MozillaFirebird-1.0.3-3.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/MozillaFirebird-1.0.3-3.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/MozillaFirebird-1.0.3-3.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/MozillaFirebird-1.0.3-3.src.rpm |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CAN-2005-1158 |
BID | |
Recursos adicionales |
|
Mozilla Foundation Security Advisory 2005-39 http://www.mozilla.org/security/announce/mfsa2005-39.html Red Hat Security Advisory RHSA-2005:383-07 https://rhn.redhat.com/errata/RHSA-2005-383.html SUSE Security Announcement SUSE-SA:2005:028 http://www.novell.com/linux/security/advisories/2005_28_mozilla_firefox.html |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2005-04-18 |
1.1 | Aviso emitido por Red Hat (RHSA-2005:383-07). CAN añadido. | 2005-04-22 |
1.2 | Aviso emitido por SUSE (SUSE-SA:2005:028) | 2005-04-28 |