Multiple Security Vulnerabilities in Mozilla Products

Published: 2007-05-31
Updated: 2007-06-01

Affected systems:
Mozilla Firefox <= 2.0.0.3
Mozilla Thunderbird < 1.5.0.12
Mozilla SeaMonkey < 1.0.9
Unaffected systems:
Mozilla Firefox 2.0.0.4
Mozilla Thunderbird 1.5.0.12
Mozilla SeaMonkey 1.0.9
Description:
BUGTRAQ ID: 24242
CVE(CAN) ID: CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871, CVE-2007-1362

Mozilla Firefox, SeaMonkey and Thunderbird are web browser and mail/newsgroup client products released by Mozilla.

The products above contain multiple security vulnerabilities, as follows:

1. Vulnerabilities in the JavaScript engine may lead to memory corruption and execution of arbitrary code.

2. A malicious web page can mount a denial-of-service attack against the form autocomplete feature, and the denial of service persists across sessions until the malicious form data is deleted. If a user can be induced to fill a text field with a very large number of characters and submit the form, the browser hangs for several minutes while reading the stored form data. This happens the first time autocomplete is triggered after every browser restart.

3. Two vulnerabilities exist in how Mozilla clients handle cookies. In the first, no length check is performed on the cookie path parameter, so a victim's browser may consume excessive memory while running and waste excessive disk space storing the cookie until it expires. Cookies sent by an HTTP server are reasonably bounded by HTTP header size limits, but a cookie created by JavaScript and added through document.cookie can have a path of arbitrary length, even tens of megabytes.

The second vulnerability is that the cookie path and name values are not checked for the delimiter used by the internal cookie store. If the delimiter is present, the cookie data may be misinterpreted when it is later read back; one such anomaly is that an insecure site could create a "secure" cookie.
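As an added illustration (not Mozilla's cookie code and not part of the original advisory), the toy cookie jar below serialises records in the tab-separated, newline-terminated cookies.txt layout and shows how a path that carries the store's own delimiter is read back as a forged "secure" record, beside a writer that applies the two missing checks; the 1024-byte path cap is an assumed value, since the advisory gives no figure.

```javascript
// Added illustration, not Mozilla's cookie code: a toy cookie jar in the
// tab-separated, newline-terminated cookies.txt layout, with an unchecked writer
// and a hardened writer that enforces the two checks the advisory says were missing.
const FIELD_SEP = "\t";
const RECORD_SEP = "\n";
const MAX_PATH_LEN = 1024; // assumed cap for this example; the advisory gives no figure

// One record: host, isDomain, path, isSecure, expiry, name, value
function serialize(c) {
  return [c.host, "FALSE", c.path, c.secure ? "TRUE" : "FALSE",
          String(c.expiry), c.name, c.value].join(FIELD_SEP);
}

// Reader: the split the store applies when loading cookies back from disk.
function parseStore(text) {
  return text.split(RECORD_SEP).filter(Boolean).map((line) => {
    const f = line.split(FIELD_SEP);
    return { host: f[0], path: f[2], secure: f[3] === "TRUE",
             expiry: Number(f[4]), name: f[5], value: f[6] };
  });
}

// Vulnerable writer: persists whatever document.cookie supplied.
function storeUnchecked(cookies) {
  return cookies.map(serialize).join(RECORD_SEP) + RECORD_SEP;
}

// Hardened writer: reject a path or name carrying the store's delimiters (or any
// control character) and cap the path length so a page cannot bloat the store.
function isStorable(c) {
  const ctl = /[\x00-\x1f\x7f]/; // covers the \t and \n used as separators
  return !ctl.test(c.path) && !ctl.test(c.name) && c.path.length <= MAX_PATH_LEN;
}
function storeChecked(cookies) {
  return storeUnchecked(cookies.filter(isStorable));
}

// Constructed input: an honest cookie from a plain-http origin, and one whose path
// smuggles a record separator followed by a complete record flagged "secure".
function demo() {
  const honest = { host: "example.test", path: "/", secure: false, expiry: 0, name: "a", value: "1" };
  const forgedRecord = ["example.test", "FALSE", "/", "TRUE", "0", "session", "forged"].join(FIELD_SEP);
  const crafted = { host: "example.test", path: "/" + RECORD_SEP + forgedRecord,
                    secure: false, expiry: 0, name: "x", value: "y" };
  return {
    unchecked: parseStore(storeUnchecked([honest, crafted])), // yields a secure "session" cookie
    checked: parseStore(storeChecked([honest, crafted])),     // only the honest cookie survives
  };
}
```

Reading the unchecked store back yields three records, the third of them a "secure" cookie that no secure origin ever set; the hardened writer drops the crafted cookie before it reaches disk.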

4. An attacker can abuse addEventListener to bypass the browser's same-origin policy and inject script into another site, gaining access to or modifying that site's confidential or valuable information.

5. XUL popups opened by web content could be positioned outside the content area, allowing spoofing or hiding of parts of the browser chrome, such as the address bar.

<*Source: Boris Zbarsky
         Eli Friedman
         Georgi Guninski (guninski@guninski.com)
         Martijn Wargers
         Olli Pettay
         Brendan Eich
         Igor Bukanov
         Jesse Ruderman (jruderman@gmail.com)
         moz_bug_r_a4 (moz_bug_r_a4@yahoo.com)
         Wladimir Palant
         Chris Thomas

  Links: http://secunia.com/advisories/23282/
         http://secunia.com/advisories/25489/
         http://secunia.com/advisories/25488/
         http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
         http://www.mozilla.org/security/announce/2007/mfsa2007-16.html
         http://www.mozilla.org/security/announce/2007/mfsa2007-14.html
         http://www.mozilla.org/security/announce/2007/mfsa2007-13.html
         http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
         http://secunia.com/advisories/27427/
         http://www.us-cert.gov/cas/techalerts/TA07-151A.html
         https://www.redhat.com/support/errata/RHSA-2007-0402.html
         https://www.redhat.com/support/errata/RHSA-2007-0400.html
         https://rhn.redhat.com/errata/RHSA-2007-0401.html
         http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103125-1
         http://www.debian.org/security/2007/dsa-1300
*>

Recommendations:
Workarounds:

* Disable JavaScript in the mail component of Thunderbird or SeaMonkey.
* Delete the stored form data via the "Clear Private Data" item in the "Tools" menu; this must be done immediately after restarting the browser, before typing anything into a form field, so that the hang is not triggered before the data is cleared.

Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1300-1) and corresponding patches for this:
DSA-1300-1: New iceape packages fix several vulnerabilities
Link: http://www.debian.org/security/2007/dsa-1300

Patch download: the per-architecture package URLs and MD5 checksums are listed in DSA-1300-1 at the link above.

Patch installation:

1. Install the patch package manually:

  First, download the patch with the following command:
  # wget url  (url is the patch download link)

  Then, install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch package automatically with apt-get:

   First, update the local package database:
   # apt-get update

   Then, install the updated packages:
   # apt-get upgrade

Mozilla
-------
The vendor has released upgrades that fix these security issues; download them from the vendor's site:

http://www.mozilla.org/projects/seamonkey/releases/
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/thunderbird/all.html

Red Hat
-------
Red Hat has released security advisories (RHSA-2007:0401-01, RHSA-2007:0400-01, RHSA-2007:0402-01) and corresponding patches for this:
RHSA-2007:0401-01: Critical: thunderbird security update
Link: https://rhn.redhat.com/errata/RHSA-2007-0401.html

RHSA-2007:0400-01: Critical: firefox security update
Link: https://www.redhat.com/support/errata/RHSA-2007-0400.html

RHSA-2007:0402-01: Critical: seamonkey security update
Link: https://www.redhat.com/support/errata/RHSA-2007-0402.html

Sun
---
Sun has released a security advisory (Sun-Alert-103125) and a corresponding patch for this:
Sun-Alert-103125: Multiple Security Vulnerabilities in JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103125-1

This advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.