firefox-3.0.18-1.1.AXS3
エラータID: AXSA:2010-126:01
リリース日:
2010/02/23 Tuesday - 20:38
題名:
firefox-3.0.18-1.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
現時点ではCVEの情報が公開されておりません。
CVEの情報が公開され次第情報をアップデートいたします。
Firefoxのセキュリティアドバイザリについてはこちらをご参照ください。
http://www.mozilla-japan.org/security/announce/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-1571
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.
CVE-2009-3988
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
CVE-2010-0159
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.
CVE-2010-0160
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2010-0162
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-3.0.18-1.1.AXS3.src.rpm
MD5: c7fe36e84005a62bdbb2434b6ff88216
SHA-256: 79853cffd9f3933c126266ea87a883be0eeefdfd2ebe717adac603802ddf3df1
Size: 42.97 MB - xulrunner-1.9.0.18-1.1.AXS3.src.rpm
MD5: 424e6345ef6171a254407a2fc7b80932
SHA-256: 80505693efa311f8fb9964b4cf8e825aba3fefc8a2c8fff95fefe852a479ae80
Size: 35.51 MB
Asianux Server 3 for x86
- firefox-3.0.18-1.1.AXS3.i386.rpm
MD5: af48c7982ebd9b0232dc54302fafa62f
SHA-256: 3de226bd4019b95ce33b9e0a8bcbbdf79bf3ec3c949349b9b84af5c3e2623723
Size: 12.06 MB - xulrunner-1.9.0.18-1.1.AXS3.i386.rpm
MD5: a32617b1ea00d7d101e9438220c0ece8
SHA-256: cd0974e9946a73b4ac08bf7cc5b2e32299caaf0bfa24aa7af4b2ea3fca74c7c9
Size: 10.01 MB
Asianux Server 3 for x86_64
- firefox-3.0.18-1.1.AXS3.x86_64.rpm
MD5: 5c1e28512cfda00d9284ed4d4ed4fc0b
SHA-256: ea2c9fbf838414fb0056dd5c75e73eb689235d30612d5107551249d61bd9f662
Size: 12.06 MB - xulrunner-1.9.0.18-1.1.AXS3.x86_64.rpm
MD5: 7caaa27bb03c6bf7505adc1b08fec488
SHA-256: 92f96a04c0773953c95128f6d1b1ca65b766a02967beca5be5b090085fb57e81
Size: 10.42 MB