安全研究

安全漏洞
Firefox _moveToEdgeShift方式远程代码执行漏洞

发布日期:2009-03-19
更新日期:2009-03-31

受影响系统:
Mozilla Firefox < 3.0.8
不受影响系统:
Mozilla Firefox 3.0.8
描述:
BUGTRAQ  ID: 34181
CVE(CAN) ID: CVE-2009-1044

Firefox是一款非常流行的开放源码WEB浏览器。

Firefox中XUL树方式_moveToEdgeShift在某些情况下可能会对仍在使用的对象触发垃圾收集例程,之后浏览器在试图访问之前已被释放的对象时会崩溃。攻击者可以利用这种崩溃在用户机器上执行任意指令。

<*来源:Daniel Veditz
  
  链接:http://secunia.com/advisories/34471/
        http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
        http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
        https://bugzilla.mozilla.org/show_bug.cgi?format=multiple&id=484320
        https://www.redhat.com/support/errata/RHSA-2009-0398.html
        https://www.redhat.com/support/errata/RHSA-2009-0397.html
        http://www.debian.org/security/2009/dsa-1756
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-1756-1)以及相应补丁:
DSA-1756-1:New xulrunner packages fix multiple vulnerabilities
链接:http://www.debian.org/security/2009/dsa-1756

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc
Size/MD5 checksum:     1777 be107e8cce28d09395d6c2b0e2880e0b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz
Size/MD5 checksum: 43683292 f49b66c10e021debdfd9cd3705847d9b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz
Size/MD5 checksum:   115665 4886b961a24c13d9017e8f261b7a4ad4

Architecture independent packages:

http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb
Size/MD5 checksum:  1480030 c12b4d6d534c0f12ec8e19760ca52a9b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum:    69048 cbcfc3f9addacdd2a6641980876910f1
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum:  7725982 c5075bc0634cb5b2cfc8b64649f9511e
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum:  3587626 1ce3de601c764c9bfb0c3998566f2baa
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum:   887434 d373f8ed294bc6184a188bc820e04d6b
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum:   220394 8ac87390e12115281d335b8773fb5733
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum:   152152 76761d21f53d017af1ff349e528664ea
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum:   372048 ba88e43241ab33621169f2e352bdf634
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum: 50084206 d44a3028e5049f2b8051a5f6ed632fe6
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb
Size/MD5 checksum:   100434 d20e7c595e15ca0831d62d13d19c9d25

arm architecture (ARM)

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum:   814182 2fe30b4c614a8dad20d6daa5e8156193
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum:    83324 b2b5e1e0850ceb17bf60471435a751f8
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum:  6786494 017302b5a56bdd55d3d1ffe18bd61832
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum: 49032638 2343b97ac1a895a00c65d7c7d4854bf3
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum:    67078 5891e17e7a7abe4b9b3ff3b06d1c5bf8
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum:   348306 7cacc5c36e3139afa7e93cce23e55bdc
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum:   141074 ddfcdb101f24b626caede43f36667ebb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum:   222552 099c35e0a9fc845e12d97e05dc5cefbe
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb
Size/MD5 checksum:  3577622 a45883aa5a860e9ceaccd1507b1e2b4d

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum:   106132 b21e7b60ef507b75d4e75cecf01507b4
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum:   409632 8ad83b2450a8224287708d08fb0e3349
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum:   222406 cc644de6ffb2987c4d3290760d851c3f
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum: 50959494 30e6201361ab450cce9c1ae5767b7d00
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum:   900224 98b504ea16f93598810cff8dd753c7cc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum:  3625060 bb06476c2dfef959c573a67f910f500a
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum:    71008 d61063712c37cfde51b3944f1dbd311f
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum:   157864 c9b9587d5b0582b35a1ccff76445f13f
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb
Size/MD5 checksum:  9487824 ebcb840996d1d69d6836e6d1aec2f81d

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum:  6581370 480961b3e126e36c1d4087df2c2fb6d9
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum:   141498 729642753ad2a51d17983b3583f740b6
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum:  3572938 f0bf3224b2c681417ba6dd8dcac5f96d
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum:   846308 06e3b0690f2f3a868375f4d58a7b8614
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum:   348812 acc2f219abb68286432720315861ed53
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum:    82002 77b4ffe73322bf5ead4bc24ee3fc76d2
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum:   222556 85fee1ce9133cb7ab9ce99f62b70e447
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum:    67810 0eb6b02984351fa3bf02640d7ff1d4e6
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb
Size/MD5 checksum: 49248242 64fb21f6c3a2411743222fc26e304b76

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum: 49419026 7cb040fbbef113cd5c8a1c5c443df6fd
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum:   179458 82249a7cb150fce22af5f5681d3164fe
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum: 11270206 be3c0b80f22210fa2a53236cbde9ceb9
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum:   538492 e75c766e0666c1604805f8c4c97cc256
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum:    75446 94f2c55150101f7a5811c9429364bd1b
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum:   222198 62ba8960b8326d21523dc7c76cc1f9d8
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum:   808982 3038817adea449b7715164cad73a5f16
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum:  3391518 26decf00e4fb05e3dbfc61c9dd933f5b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb
Size/MD5 checksum:   120932 e3af6d0b86f8d21a9fbb43986a5c79b3

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum:   914808 749779b5620ceffb2845ac170699a866
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum:   221900 63c93f91cf4ee34e307bd06c5675c460
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum:   377372 1c527a4b63e3eb729124f54764261310
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum: 51596012 c6b8d6fed635039a75e553a59164b0de
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum:  7652050 4464324acfeaf2019722f4bddc980a64
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum:   144160 3217dab8582a83c2e8db5ed0a2894c9a
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum:    69328 7d17be8a925e42469ce3d46009eb0437
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum:  3607854 683f1204c14aa14f72927e2babf2afc2
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb
Size/MD5 checksum:    96506 95148e457d3a554935ae2771553378d8

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum:   896502 7293da4f42af7c5faadaff3d00e024ad
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum:   222202 8ab7c65e1b6e67481b885951bf7b06ee
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum:    96170 02b28ff5c4af5b3c5ab241e6ada57895
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum:   144424 34f4f9236099f217f309dd3404cd32fc
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum:   375064 c324513cb22e6bf942308fec5d6ffc44
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum:  3303026 c9f09e3ac15cea9522e16d7606832417
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum:  7359744 20955f26918492c6060f5196608cecca
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum:    68948 e564d5ad298fa7f2eb43c3d142421b23
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb
Size/MD5 checksum: 49718170 f305c87d9f9f0a4bb25c782fbca0e553

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum: 51145940 d4450ede3188d085537b34912a130fc8
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum:   222214 a193661cfee9a9baf937e51fa8927852
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum:  7259520 7a5a2eb42cf43a3859c886f6604e7bb0
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum:    94176 0f27b080d4ef6e907e97926d9bde09d8
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum:   151634 eb3b55bb033dd21e3a395b5455fed3a3
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum:    72114 856bcc9a079008a00f502c037f7e075b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum:  3278706 141fbb356a9b0ee7ddee52b32b250021
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum:   359602 e678dd18f6fac0aad286a5d455e6d84f
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb
Size/MD5 checksum:   885062 6682354b8d0e8f25e6897bcfee801579

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum: 50926930 5066e277c6bb2f1435cd92ba4c09dc8f
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum:   222190 c62253da00b92ab339f524ef6d525767
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum:   404064 4f0c71caf3242ca9f1878ac6df71b414
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum:   104972 ecefd67cf04623d0bd9deb66645ece52
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum:   155536 33869ff68336fde0594bb45661f85c03
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum:  3300930 9cf7bde0ab1e0c507566a88fd2a6562f
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum:   906248 a03086436351f5085905acd1d4084f40
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum:  8371150 b731e930186033123c928eeb52c186ba
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb
Size/MD5 checksum:    71936 426ddd3166525fdf235448bddcba413b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum:    68258 8c14ad467b7a590f0262ad0636b7a90b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum:    87020 d7241f5f6ae1a92e9bfe819955c42b88
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum:  3571244 a50b84de8fe3f268e33882b5b325945d
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum:   817342 554bd07b8f90071d36ac57c01c24b6a9
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum:   220812 1edcd284a1520e8fdfdf68f015dd2211
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum:  7152698 d33c5b929d5d98a02f0ce021b5bb1531
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum:   346378 e617288c62da4165ed5230adbc9d7890
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum:   141340 606be0ab05095515bbb3070d7543e1ca
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb
Size/MD5 checksum: 49112986 1c799dc5e9059379adadf2380bf5d0e2

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

Mozilla
-------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.mozilla.org/

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2009:0397-01)以及相应补丁:
RHSA-2009:0397-01:Critical: firefox security update
链接:https://www.redhat.com/support/errata/RHSA-2009-0397.html

浏览次数:4238
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客