CVE-2005-0230
CVSS5.1
发布时间 :2005-05-02 00:00:00
修订时间 :2016-10-17 23:08:52
NMCOPS    

[原文]Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."


[CNNVD]Mozilla Firefox安全策略绕过漏洞(CNNVD-200505-216)

        Firefox 1.0在可执行文件具有image/gif内容但带有.bat或.exe之类危险的扩展名时,不会阻止用户将文件拖放到桌面上,从而允许远程攻击者通过仍可用Windows批处理文件解析器进行分析的畸形GIF文件来绕过设置的限制以及执行任意命令,又称"firedragging"。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:100033Mozilla Image Spoofing Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0230
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0230
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-216
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=110780995232064&w=2
(UNKNOWN)  BUGTRAQ  20050207 Firedragging [Firefox 1.0]
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200503-10
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200503-30
http://www.mikx.de/firedragging/
(UNKNOWN)  MISC  http://www.mikx.de/firedragging/
http://www.mozilla.org/security/announce/mfsa2005-25.html
(PATCH)  CONFIRM  http://www.mozilla.org/security/announce/mfsa2005-25.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
(UNKNOWN)  SUSE  SUSE-SA:2006:004
http://www.securityfocus.com/bid/12468
(UNKNOWN)  BID  12468
https://bugzilla.mozilla.org/show_bug.cgi?id=279945
(VENDOR_ADVISORY)  CONFIRM  https://bugzilla.mozilla.org/show_bug.cgi?id=279945

- 漏洞信息

Mozilla Firefox安全策略绕过漏洞
中危 其他
2005-05-02 00:00:00 2005-10-20 00:00:00
远程  
        Firefox 1.0在可执行文件具有image/gif内容但带有.bat或.exe之类危险的扩展名时,不会阻止用户将文件拖放到桌面上,从而允许远程攻击者通过仍可用Windows批处理文件解析器进行分析的畸形GIF文件来绕过设置的限制以及执行任意命令,又称"firedragging"。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.1/source/firefox-1.0.1-source.tar.bz2

- 漏洞信息 (F36809)

Gentoo Linux Security Advisory 200503-30 (PacketStormID:F36809)
2005-03-25 00:00:00
Gentoo  security.gentoo.org
advisory,remote,web,arbitrary
linux,gentoo
CVE-2004-1156,CVE-2005-0230,CVE-2005-0231,CVE-2005-0232,CVE-2005-0233,CVE-2005-0255,CVE-2005-0399,CVE-2005-0401,CVE-2005-0527,CVE-2005-0578,CVE-2005-0584,CVE-2005-0585,CVE-2005-0588,CVE-2005-0590,CVE-2005-0591,CVE-2005-0592,CVE-2005-0593
[点击下载]

Gentoo Linux Security Advisory GLSA 200503-30 - The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues allowing to trick the user into trusting fake web sites or interacting with privileged content. Versions less than 1.7.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Suite: Multiple vulnerabilities
      Date: March 25, 2005
      Bugs: #84074
        ID: 200503-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Mozilla Suite is vulnerable to multiple issues ranging from the
remote execution of arbitrary code to various issues allowing to trick
the user into trusting fake web sites or interacting with privileged
content.

Background
==========

The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  www-client/mozilla           < 1.7.6                     >= 1.7.6
  2  www-client/mozilla-bin       < 1.7.6                     >= 1.7.6
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The following vulnerabilities were found and fixed in the Mozilla
Suite:

* Mark Dowd from ISS X-Force reported an exploitable heap overrun in
  the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399)

* Michael Krax reported that plugins can be used to load privileged
  content and trick the user to interact with it (CAN-2005-0232,
  CAN-2005-0527)

* Michael Krax also reported potential spoofing or
  cross-site-scripting issues through overlapping windows, image or
  scrollbar drag-and-drop, and by dropping javascript: links on tabs
  (CAN-2005-0230, CAN-2005-0231, CAN-2005-0401, CAN-2005-0591)

* Daniel de Wildt and Gael Delalleau discovered a memory overwrite in
  a string library (CAN-2005-0255)

* Wind Li discovered a possible heap overflow in UTF8 to Unicode
  conversion (CAN-2005-0592)

* Eric Johanson reported that Internationalized Domain Name (IDN)
  features allow homograph attacks (CAN-2005-0233)

* Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various
  ways of spoofing the SSL "secure site" indicator (CAN-2005-0593)

* Georgi Guninski discovered that XSLT can include stylesheets from
  arbitrary hosts (CAN-2005-0588)

* Secunia discovered a way of injecting content into a popup opened
  by another website (CAN-2004-1156)

* Phil Ringnalda reported a possible way to spoof Install source with
  user:pass@host (CAN-2005-0590)

* Jakob Balle from Secunia discovered a possible way of spoofing the
  Download dialog source (CAN-2005-0585)

* Christian Schmidt reported a potential spoofing issue in HTTP auth
  prompt tab (CAN-2005-0584)

* Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team
  discovered that Mozilla insecurely creates temporary filenames in
  /tmp/plugtmp (CAN-2005-0578)

Impact
======

* The GIF heap overflow could be triggered by a malicious GIF image
  that would end up executing arbitrary code with the rights of the
  user running Mozilla. The other overflow issues, while not thought to
  be exploitable, would have the same impact

* By setting up malicious websites and convincing users to follow
  untrusted links or obey very specific drag-and-drop or download
  instructions, attackers may leverage the various spoofing issues to
  fake other websites to get access to confidential information, push
  users to download malicious files or make them interact with their
  browser preferences

* The temporary directory issue allows local attackers to overwrite
  arbitrary files with the rights of another local user

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"

All Mozilla Suite binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"

References
==========

  [ 1 ] CAN-2004-1156
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
  [ 2 ] CAN-2005-0230
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230
  [ 3 ] CAN-2005-0231
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
  [ 4 ] CAN-2005-0232
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
  [ 5 ] CAN-2005-0233
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233
  [ 6 ] CAN-2005-0255
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255
  [ 7 ] CAN-2005-0399
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
  [ 8 ] CAN-2005-0401
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
  [ 9 ] CAN-2005-0527
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
  [ 10 ] CAN-2005-0578
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578
  [ 11 ] CAN-2005-0584
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584
  [ 12 ] CAN-2005-0585
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585
  [ 13 ] CAN-2005-0588
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588
  [ 14 ] CAN-2005-0590
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590
  [ 15 ] CAN-2005-0591
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591
  [ 16 ] CAN-2005-0592
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592
  [ 17 ] CAN-2005-0593
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593
  [ 18 ] Mozilla Security Advisories
         http://www.mozilla.org/projects/security/known-vulnerabilities.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-30.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F36472)

Gentoo Linux Security Advisory 200503-10 (PacketStormID:F36472)
2005-03-07 00:00:00
Gentoo  security.gentoo.org
advisory,web,local
linux,gentoo
CVE-2004-1156,CVE-2005-0230,CVE-2005-0231,CVE-2005-0232,CVE-2005-0233,CVE-2005-0255,CVE-2005-0527,CVE-2005-0578,CVE-2005-0584,CVE-2005-0585,CVE-2005-0586,CVE-2005-0588,CVE-2005-0589,CVE-2005-0590,CVE-2005-0591,CVE-2005-0592,CVE-2005-0593
[点击下载]

Gentoo Linux Security Advisory GLSA 200503-10 - Mozilla Firefox is vulnerable to a local file deletion issue and to various issues allowing to trick the user into trusting fake web sites or interacting with privileged content.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Firefox: Various vulnerabilities
      Date: March 04, 2005
      Bugs: #83267
        ID: 200503-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Mozilla Firefox is vulnerable to a local file deletion issue and to
various issues allowing to trick the user into trusting fake web sites
or interacting with privileged content.

Background
==========

Mozilla Firefox is the popular next-generation browser from the Mozilla
project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  net-www/mozilla-firefox           < 1.0.1                >= 1.0.1
  2  net-www/mozilla-firefox-bin       < 1.0.1                >= 1.0.1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The following vulnerabilities were found and fixed in Mozilla Firefox:

* Michael Krax reported that plugins can be used to load privileged
  content and trick the user to interact with it (CAN-2005-0232,
  CAN-2005-0527)

* Michael Krax also reported potential spoofing or
  cross-site-scripting issues through overlapping windows, image
  drag-and-drop, and by dropping javascript: links on tabs
  (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591)

* Daniel de Wildt and Gael Delalleau discovered a memory overwrite in
  a string library (CAN-2005-0255)

* Wind Li discovered a possible heap overflow in UTF8 to Unicode
  conversion (CAN-2005-0592)

* Eric Johanson reported that Internationalized Domain Name (IDN)
  features allow homograph attacks (CAN-2005-0233)

* Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various
  ways of spoofing the SSL "secure site" indicator (CAN-2005-0593)

* Matt Brubeck reported a possible Autocomplete data leak
  (CAN-2005-0589)

* Georgi Guninski discovered that XSLT can include stylesheets from
  arbitrary hosts (CAN-2005-0588)

* Secunia discovered a way of injecting content into a popup opened
  by another website (CAN-2004-1156)

* Phil Ringnalda reported a possible way to spoof Install source with
  user:pass@host (CAN-2005-0590)

* Jakob Balle from Secunia discovered a possible way of spoofing the
  Download dialog source (CAN-2005-0585)

* Christian Schmidt reported a potential spoofing issue in HTTP auth
  prompt tab (CAN-2005-0584)

* Andreas Sanblad from Secunia discovered a possible way of spoofing
  the Download dialog using the Content-Disposition header
  (CAN-2005-0586)

* Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team
  discovered that Firefox insecurely creates temporary filenames in
  /tmp/plugtmp (CAN-2005-0578)

Impact
======

* By setting up malicious websites and convincing users to follow
  untrusted links or obey very specific drag-and-drop or download
  instructions, attackers may leverage the various spoofing issues to
  fake other websites to get access to confidential information, push
  users to download malicious files or make them interact with their
  browser preferences.

* The temporary directory issue allows local attackers to overwrite
  arbitrary files with the rights of another local user.

* The overflow issues, while not thought to be exploitable, may allow
  a malicious downloaded page to execute arbitrary code with the rights
  of the user viewing the page.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"

All Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"

References
==========

  [ 1 ] CAN-2004-1156
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
  [ 2 ] CAN-2005-0230
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230
  [ 3 ] CAN-2005-0231
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
  [ 4 ] CAN-2005-0232
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
  [ 5 ] CAN-2005-0233
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233
  [ 6 ] CAN-2005-0255
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255
  [ 7 ] CAN-2005-0527
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
  [ 8 ] CAN-2005-0578
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578
  [ 9 ] CAN-2005-0584
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584
  [ 10 ] CAN-2005-0585
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585
  [ 11 ] CAN-2005-0586
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586
  [ 12 ] CAN-2005-0588
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588
  [ 13 ] CAN-2005-0589
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589
  [ 14 ] CAN-2005-0590
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590
  [ 15 ] CAN-2005-0591
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591
  [ 16 ] CAN-2005-0592
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592
  [ 17 ] CAN-2005-0593
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593
  [ 18 ] Mozilla Security Advisories
         http://www.mozilla.org/projects/security/known-vulnerabilities.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F36094)

Firedragging.txt (PacketStormID:F36094)
2005-02-23 00:00:00
Michael Krax  mikx.de
advisory
CVE-2005-0230
[点击下载]

Firefox built-in protection against allowing dragged non-image files can be bypassed when an executable is passed with a content-type of image/gif. Tested with Firefox 1.0 and Mozilla 1.7.5.

__Summary

Usually Firefox does not allow that an executable, non-image file gets 
directly dragged to the desktop (e.g. by supplying malware.exe as the src of 
an image tag). Instead Firefox creates a link to the file on the desktop.

If you create a hybrid of a gif image and a batch file you can trick 
Firefox. Since the hybrid renders as a valid image, Firefox tries to copy 
the image to the desktop when dropped. By creating the image dynamicly and 
forcing the content type image/gif, the file can be of any extension (e.g. 
image.bat or image.exe).

The windows batch file parser is pretty forgiving. It just ignores the first 
line of "gif trash" and executes whatever you append to the end of the 
hybrid file.

Since windows hides known file extensions by default, a user can only tell 
that something went wrong by looking at the file icon, which is different of 
course. If the user does not care or know what this different icon means, a 
double click to view or edit the "image" he just dropped executes the batch 
file instead.

__Proof-of-Concept

http://www.mikx.de/firedragging/

__Status

The bug is marked as fixed in bugzilla. Get a nightly build, compile on your 
own or wait for Firefox 1.0.1.

2005-01-26 Vendor informed (bugzilla.mozilla.org #279945)
2005-01-31 Vendor confirmed bug
2005-02-03 Vendor fixed bug
2005-02-07 Public disclosure

The Common Vulnerabilities and Exposures project (cve.mitre.org) has 
assigned the name CAN-2005-0230 to this issue.

__Affected Software

Tested with Firefox 1.0 and Mozilla 1.7.5

__Contact Informations

Michael Krax <mikx@mikx.de>
http://www.mikx.de/?p=8

mikx


    

- 漏洞信息

13610
Mozilla Multiple Browser Dragged Image Extension Spoofing
Vendor Verified

- 漏洞描述

- 时间线

2005-02-07 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Mozilla Firefox Drag And Drop Security Policy Bypass Vulnerability
Failure to Handle Exceptional Conditions 12468
Yes No
2005-02-07 12:00:00 2007-01-25 04:21:00
Discovery of this vulnerability is credited to "mikx" <mikx@mikx.de>. This issue affecting Netscape was reported by Juha-Matti Laurio.

- 受影响的程序版本

S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
Netscape Netscape 7.2
Netscape Netscape 7.1
Netscape Netscape 7.0
Mozilla Thunderbird 1.0.1
Mozilla Thunderbird 1.0
Mozilla Thunderbird 0.9
Mozilla Thunderbird 0.8
Mozilla Thunderbird 0.7.3
Mozilla Thunderbird 0.7.2
Mozilla Thunderbird 0.7.1
Mozilla Thunderbird 0.7
Mozilla Thunderbird 0.6
Mozilla Firefox 1.0
+ Gentoo Linux
+ Gentoo Linux
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
+ Slackware Linux 10.1
+ Slackware Linux 10.0
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.1
+ Slackware Linux -current
+ Slackware Linux -current
Mozilla Firefox 0.10.1
Mozilla Firefox 0.10
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Browser 1.7.5
+ HP Tru64 5.1 B-2 PK4 (BL25)
+ HP Tru64 5.1 B-2 PK4
+ HP Tru64 5.1 B-2 PK4
+ HP Tru64 5.1 B PK4
+ HP Tru64 5.1 B PK4
+ HP Tru64 5.1 A PK6 (BL24)
+ HP Tru64 5.1 A PK6 (BL24)
+ HP Tru64 5.1 A PK6
+ HP Tru64 5.1 A PK6
Mozilla Browser 1.7.4
Mozilla Browser 1.7.3
+ HP HP-UX B.11.23
+ HP HP-UX B.11.22
+ HP HP-UX B.11.22
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.00
+ HP HP-UX B.11.00
+ HP Tru64 5.1 B-2 PK4 (BL25)
+ HP Tru64 5.1 B-2 PK4 (BL25)
+ HP Tru64 5.1 B-2 PK4
+ HP Tru64 5.1 B-2 PK4
+ HP Tru64 5.1 B PK4
+ HP Tru64 5.1 B PK4
+ HP Tru64 5.1 A PK6 (BL24)
+ HP Tru64 5.1 A PK6 (BL24)
+ HP Tru64 5.1 A PK6
+ HP Tru64 5.1 A PK6
Mozilla Browser 1.7.2
Mozilla Browser 1.7.1
Mozilla Browser 1.7 rc3
Mozilla Browser 1.7 rc2
Mozilla Browser 1.7 rc1
Mozilla Browser 1.7 beta
Mozilla Browser 1.7 alpha
Mozilla Browser 1.7
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux
Netscape Netscape 8.0
Mozilla Thunderbird 1.0.2
Mozilla Firefox 1.0.1
+ Red Hat Fedora Core3
Mozilla Browser 1.7.6
+ HP HP-UX B.11.23
+ HP HP-UX B.11.23
+ HP HP-UX B.11.22
+ HP HP-UX B.11.22
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.00
+ HP HP-UX B.11.00
+ Red Hat Enterprise Linux AS 4
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux WS 4
+ Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0

- 不受影响的程序版本

Netscape Netscape 8.0
Mozilla Thunderbird 1.0.2
Mozilla Firefox 1.0.1
+ Red Hat Fedora Core3
Mozilla Browser 1.7.6
+ HP HP-UX B.11.23
+ HP HP-UX B.11.23
+ HP HP-UX B.11.22
+ HP HP-UX B.11.22
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.11
+ HP HP-UX B.11.00
+ HP HP-UX B.11.00
+ Red Hat Enterprise Linux AS 4
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux WS 4
+ Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0

- 漏洞讨论

Mozilla Firefox is reported prone to a security vulnerability that could allow a malicious website to bypass drag-and-drop functionality security policies.

A user can exploit this vulnerability with an image that renders correctly in the Firefox browser, but is saved with a '.bat' file extension when dragged and dropped onto the local filesystem.

Since the batch file interpreter on Microsoft Windows is particularly lenient when it comes to syntax, batch commands appended to the image file will be executed if the image that was dragged and dropped is invoked.

Update: Netscape 7.2 is reported vulnerable to this issue as well. Other versions may also be affected.

- 漏洞利用

A proof of concept is available at the following location:

http://www.mikx.de/firedragging/

- 解决方案

Mozilla has released updates to address this and other issues.

Please see the referenced advisories for further information.


Mozilla Firefox 0.10

Mozilla Firefox 0.10.1

Mozilla Thunderbird 0.6

Mozilla Thunderbird 0.7

Mozilla Thunderbird 0.7.1

Mozilla Thunderbird 0.7.2

Mozilla Thunderbird 0.7.3

Mozilla Firefox 0.8

Mozilla Thunderbird 0.8

Mozilla Thunderbird 0.9

Mozilla Firefox 0.9

Mozilla Firefox 0.9 rc

Mozilla Firefox 0.9.1

Mozilla Firefox 0.9.2

Mozilla Firefox 0.9.3

Mozilla Thunderbird 1.0

Mozilla Firefox 1.0

Mozilla Thunderbird 1.0.1

S.u.S.E. Linux Professional 10.0

Netscape Netscape 7.0

Netscape Netscape 7.1

Netscape Netscape 7.2

S.u.S.E. Linux Professional 9.1

S.u.S.E. Linux Professional 9.2

S.u.S.E. Linux Professional 9.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站