firefox-3.6.11-2.0.1.AXS3; nss-3.12.8-1.AXS3; xulrunner-1.9.2.11-2.0.1.AXS3
エラータID: AXSA:2010-476:07
リリース日:
2010/10/28 Thursday - 13:03
題名:
firefox-3.6.11-2.0.1.AXS3; nss-3.12.8-1.AXS3; xulrunner-1.9.2.11-2.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Mozilla Firefox と SeaMonkey は X.509 認証の主体者の一般名フィールドに含まれたワイルドカードのついた IP アドレスを認証してしまい, 攻撃者が正当な認証局によって発行された証明書によって, 任意の SSL サーバになりすます脆弱性があります。 (CVE-2010-3170)
- Firefox と SeaMonkey の SSL 実装は, Diffie-Hellman 短命モードの最小のキーの長さ
を適切に設定しておらず, ブルートフォース攻撃によって, リモートの攻撃者が暗号保護メカニズムを無効にする脆弱性があります。(CVE-2010-3173)
- Mozilla Firefox のブラウザエンジンには複数の不明な脆弱性が存在し, リモートの攻撃者がサービス拒否 (メモリ破壊とアプリケーションのクラッシュ) あるいは任意のコードを実行する可能性のある脆弱性があります。(CVE-2010-3175), (CVE-2010-3176)
- Mozilla Firefox と SeaMonkey の Gopher パーサには複数のクロスサイトスクリプティング (XSS) 脆弱性が存在し, Gopher サーバの巧妙に作られたファイル名あるいはディレクトリ名によって, リモートの攻撃者が任意の WEB スクリプトあるいは HTML を注入する脆弱性があります。(CVE-2010-3177)
- Mozilla Firefox と SeaMonkey の nsBarProp 関数には開放後使用の問題が存在し, 閉じられたウィンドウのロケーションバーのプロパティにアクセスすることによって, リモートの攻撃者が任意のコードを実行する脆弱性があります。(CVE-2010-3180)
- Mozilla Firefox と SeaMonkey のあるアプリケーション起動スクリプトは LD_LIBRARY_PATH に長さ 0 のディレクトリ名を持ったディレクトリを置くため, カレントの作業ディレクトリのトロイの木馬の共有ライブラリによって, ローカルユーザが権限を得る脆弱性があります。(CVE-2010-3182)
- Mozilla Firefox と SeaMonkey の LookupGetterOrSetter 関数は引数のない
window.__lookupGetter__ ファンクションコールを適切にサポートしておらず, リモートの攻撃者が任意のコードを実行したり, 巧妙に作られた HTML ドキュメントによって, サービス拒否 (誤ったポインタ参照とアプリケーションのクラッシュ) を引き起こす脆弱性があります。(CVE-2010-3183)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2010-3170
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2010-3173
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVE-2010-3175
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2010-3176
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2010-3177
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.
CVE-2010-3178
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
CVE-2010-3179
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
CVE-2010-3180
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.
CVE-2010-3182
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2010-3183
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-3.6.11-2.0.1.AXS3.src.rpm
MD5: 986bfc92997e927303452d0eb89a4c40
SHA-256: ea8243a1f1b0b20ee7652a6f4cbf35843926e458bf4e0af722e736a9f1ea061f
Size: 57.91 MB - nss-3.12.8-1.AXS3.src.rpm
MD5: ca9c5a690fbd38b77c999f6f7628526a
SHA-256: 9bf67c386aeec64ac5eb3da3f17e6f458c1da479af0b6167077a114f27b72b87
Size: 5.35 MB - xulrunner-1.9.2.11-2.0.1.AXS3.src.rpm
MD5: 01a6001c3794357862f4cc259eec9af9
SHA-256: a1d3dcbccd6e7657d965e12f14e0cdd726ea20d5c0564e24df1f1c7a91f32c0f
Size: 48.78 MB
Asianux Server 3 for x86
- firefox-3.6.11-2.0.1.AXS3.i386.rpm
MD5: 3880ddc959d45bd6705b89db4a1c1ea7
SHA-256: 6dfbf4812b367f5b79ac7a0f71ddc00a64af52b79bd3a91bdff0cacc053c61c5
Size: 14.49 MB - xulrunner-1.9.2.11-2.0.1.AXS3.i386.rpm
MD5: 09926ec5c98833f89835ea5ba1475e80
SHA-256: 81ac62a20b9629ba99c79135ae185bfd7957063404d4572455624ecdbbc73927
Size: 11.57 MB
Asianux Server 3 for x86_64
- firefox-3.6.11-2.0.1.AXS3.x86_64.rpm
MD5: 5ae3931682ebb5fd492a77a81ff87d65
SHA-256: 6d57b95f4358470369a491bbbd62019213ba0fe7f2859e1fdb9f8e54393c6b98
Size: 14.48 MB - xulrunner-1.9.2.11-2.0.1.AXS3.x86_64.rpm
MD5: 3b8aa88eefd17b79d37f469cad7bb25a
SHA-256: a1323565bd8bf820d850dd3b62257cabafc662e1f44ea329670684d41ceeb84d
Size: 11.01 MB