xulrunner-1.9.2.11-4.0.1.AXS3
エラータID: AXSA:2010-480:08
リリース日:
2010/11/03 Wednesday - 13:04
題名:
xulrunner-1.9.2.11-4.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
[Security Fix]
- Mozilla Firefox には JavaScript が有効な場合, appendChild メソッド, 誤ったインデックスのトラッキング、複数のフレームの生成によって, リモートの攻撃者が任意のコードを実行する脆弱性があります。(CVE-2010-3765)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2010-3765
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
追加情報:
N/A
ダウンロード:
SRPMS
- xulrunner-1.9.2.11-4.0.1.AXS3.src.rpm
MD5: e411df1449c019f55557dc2b3f264096
SHA-256: 96c7ce287d6f2975d06c90dfc024e641f75e2c28637cfd1d27d37dde678d6d51
Size: 48.78 MB
Asianux Server 3 for x86
- xulrunner-1.9.2.11-4.0.1.AXS3.i386.rpm
MD5: b74ff9ea779d0be2f2d8bfe5cda006d9
SHA-256: 4dacd52d1a1f880b8287dde5d66ef522fa3329c201bb99634aea21e40bcabcdb
Size: 11.57 MB
Asianux Server 3 for x86_64
- xulrunner-1.9.2.11-4.0.1.AXS3.x86_64.rpm
MD5: 7384771a843df5494dd0b2253841f26f
SHA-256: 096febe2e90d17b998626bcbb276018cc79b650c00af06d7512cc3723e99214b
Size: 11.01 MB