Mozilla Firefox 2.0.0.19 and 3.0.5 Fix Multiple Security Vulnerabilities

Release date: 2008-12-16
Updated: 2008-12-18

Affected systems:
Mozilla Firefox < 3.0.5
Mozilla Firefox < 2.0.0.19
Mozilla Thunderbird < 3.0.5
Mozilla SeaMonkey < 1.1.14
Unaffected systems:
Mozilla Firefox 3.0.5
Mozilla Firefox 2.0.0.19
Mozilla Thunderbird 3.0.5
Mozilla SeaMonkey 1.1.14
Description:
BUGTRAQ ID: 32882
CVE(CAN) ID: CVE-2008-5500, CVE-2008-5501, CVE-2008-5503, CVE-2008-5504, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513, CVE-2008-5502

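Firefox is the open-source web browser released by Mozilla.

Multiple security vulnerabilities in Firefox allow malicious users to disclose sensitive information, bypass security restrictions, conduct spoofing attacks, or compromise a user's system. Because of shared code, Thunderbird and SeaMonkey are also affected by these vulnerabilities.

1) Multiple errors in the layout and JavaScript engines can lead to memory corruption and arbitrary code execution.

2) An error in the handling of the persist XUL attribute can be used to bypass cookie settings and identify the user in subsequent browsing sessions.

3) An error in XBL bindings can be exploited to bypass the same-origin policy and disclose sensitive information, or to execute JavaScript code with chrome privileges.

4) If an XMLHttpRequest is made to a same-origin resource that 302-redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site that issued the XHR. Cookies marked HttpOnly are not readable, but the XHR response may disclose other sensitive data, including URL parameters and content in the response body.

5) If a same-domain JavaScript URL redirects to an off-domain target resource containing data that cannot be parsed as JavaScript, the syntax error generated when attempting to load the data as JavaScript may leak some file content through the window.onerror DOM API.

6) If certain control characters are placed at the beginning of a URL, the parser produces malformed URL output.

7) In CSS, \0 denotes the null character, but Mozilla ignored this character. For example, c\0olor:red; is processed as color:red;. This may allow certain script filtering routines in web applications to be bypassed.

8) A vulnerability in the session restore feature can cause content to be injected into the wrong document storage location, including storage locations of other domains. An attacker can exploit this to violate the browser's same-origin policy and carry out cross-site scripting attacks when SessionStore data is restored.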
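
Item 7 above, seen from the filter's side: an added example (not code from the advisory or from Mozilla) in which a property filter compares names on the raw text and on the escape-decoded text. The blocked-property policy, the sample strings and the function names are constructed for illustration, and the decoder also covers hex escapes other than \0.

```javascript
"use strict";

// Decode CSS backslash escapes and report whether any of them (or a raw
// byte) yields U+0000, the character the advisory says was dropped.
function decodeCssEscapes(text) {
  let sawNul = text.includes("\u0000");
  const decoded = text.replace(
    /\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?|\\([^\r\n\f])/g,
    (match, hex, literal) => {
      if (literal !== undefined) return literal; // "\:" -> ":"
      const cp = parseInt(hex, 16);
      if (cp === 0) {
        sawNul = true;
        return ""; // mirrors "c\0olor" being read as "color"
      }
      const invalid = cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff);
      return invalid ? "\ufffd" : String.fromCodePoint(cp);
    }
  );
  return { decoded, sawNul };
}

// Property name of each declaration (simplified split, not a full CSS parser).
function propertyNames(css) {
  return css
    .split(";")
    .map((decl) => decl.split(":")[0].trim().toLowerCase())
    .filter((name) => name.length > 0);
}

// Weak form: checks the raw text, so "c\0olor" is not recognised as "color".
function naiveIsBlocked(style, blocked) {
  return propertyNames(style).some((name) => blocked.includes(name));
}

// Hardened form: fail closed on NUL, then check the decoded property names.
function hardenedIsBlocked(style, blocked) {
  const { decoded, sawNul } = decodeCssEscapes(style);
  if (sawNul) return true;
  return propertyNames(decoded).some((name) => blocked.includes(name));
}

// Constructed policy and inputs; "c\\0olor" is the advisory's c\0olor string.
const BLOCKED = ["color"];
const SAMPLES = ["color:red;", "c\\0olor:red;", "c\\6f lor:red;", "margin:0;"];
const RESULTS = SAMPLES.map((style) => ({
  style,
  naive: naiveIsBlocked(style, BLOCKED),
  hardened: hardenedIsBlocked(style, BLOCKED),
}));
console.log(RESULTS);
```

An allowlist of permitted property names rejects the escaped form without any decoding, because `c\0olor` is simply not on the list.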

<*Source: moz_bug_r_a4 (moz_bug_r_a4@yahoo.com)
        Daniel Veditz
        Jesse Ruderman (jruderman@gmail.com)
  
  Links: http://secunia.com/advisories/33203/
        http://secunia.com/advisories/33184/
        http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-68.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-67.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-66.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-63.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-62.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-61.html
        http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
        http://scary.beasts.org/security/CESA-2008-011.html
        https://www.redhat.com/support/errata/RHSA-2008-1037.html
        https://www.redhat.com/support/errata/RHSA-2008-1036.html
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-258748-1
        http://www.debian.org/security/2009/dsa-1697
        http://www.debian.org/security/2009/dsa-1704
        http://www.debian.org/security/2009/dsa-1707
        http://www.debian.org/security/2009/dsa-1696
*>

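Test method:

Warning

The following program (method) may be offensive in nature and is intended only for security research and teaching. Use at your own risk!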

<a href=&#1;http://yahoo.com/space&#32;space&#32;here>linky</a>

https://bugzilla.mozilla.org/attachment.cgi?id=343772
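
A server-side check that refuses the test string above instead of relying on how a URL parser treats leading control characters and spaces; this is an added example, not code from the advisory or from Mozilla. It assumes the input is the raw attribute text with only numeric character references to decode, and the scheme allowlist and function names are constructed.

```javascript
"use strict";

// Decode numeric character references such as &#1; and &#32; so the checks
// below see the characters the browser will see. Named references such as
// &Tab; would need an HTML entity table and are not decoded here.
function decodeNumericRefs(value) {
  return value.replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (match, body) => {
    const isHex = body[0] === "x" || body[0] === "X";
    const cp = isHex ? parseInt(body.slice(1), 16) : parseInt(body, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : "\ufffd";
  });
}

// What a lenient pipeline accepts: the WHATWG parser strips the leading
// control character and percent-encodes the spaces without complaint.
function lenientHref(rawAttr) {
  return new URL(decodeNumericRefs(rawAttr)).href;
}

const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // constructed policy

// Strict check: any C0 control, space or DEL in the decoded value is refused
// before parsing, so the validated and the rendered value cannot differ.
function checkHref(rawAttr) {
  const href = decodeNumericRefs(rawAttr);
  if (/[\u0000-\u0020\u007f]/.test(href)) {
    return { ok: false, reason: "control-or-space" };
  }
  let url;
  try {
    url = new URL(href);
  } catch (err) {
    return { ok: false, reason: "unparseable" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: "scheme" };
  }
  return { ok: true, href: url.href };
}

// The href value from the advisory's test string.
const ADVISORY_HREF = "&#1;http://yahoo.com/space&#32;space&#32;here";
console.log(lenientHref(ADVISORY_HREF), checkHref(ADVISORY_HREF));
```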

Recommendations:
Workaround:

* Disable JavaScript and the session restore feature.

Vendor patches:

Debian
------
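Debian has released a security advisory (DSA-1696-1) and corresponding patches for this issue:
DSA-1696-1: New icedove packages fix several vulnerabilities
Link: http://www.debian.org/security/2009/dsa-1696

Patch downloads: the source archives and per-architecture packages are listed in the advisory linked above.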

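Patch installation:

1. Installing the packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the download link of the patch)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Installing the packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update
  
   Then install the updated packages with the following command:
   # apt-get upgrade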

Mozilla
-------
The vendor has released upgrade patches that fix this security issue; download them from the vendor's home page:

http://www.mozilla.org/

RedHat
------
RedHat has released a security advisory (RHSA-2008:1037-01) and corresponding patches for this issue:
RHSA-2008:1037-01: Critical: seamonkey security update
Link: https://www.redhat.com/support/errata/RHSA-2008-1037.html

Sun
---
Sun has released a security advisory (Sun-Alert-258748) and corresponding patches for this issue:
Sun-Alert-258748: Multiple Security Vulnerabilities in Mozilla Thunderbird Versions Prior to 2.0.0.19 May Allow Execution of Arbitrary Code or Unauthorized Access to Data
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-258748-1

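This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.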