发布时间 :2005-07-13 00:00:00
修订时间 :2011-03-07 21:24:00

[原文]Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.

[CNNVD]Mozilla firefox 代码执行漏洞(CNNVD-200507-178)

        Firefox 1.0.5之前版本中存在代码执行漏洞。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:firefox:1.0.3Mozilla Firefox 1.0.3
cpe:/a:mozilla:firefox:0.10.1Mozilla Firefox 0.10.1
cpe:/a:mozilla:firefox:0.9Mozilla Firefox 0.9
cpe:/a:mozilla:firefox:0.8Mozilla Firefox 0.8
cpe:/a:mozilla:firefox:1.0.1Mozilla Firefox 1.0.1
cpe:/a:mozilla:firefox:0.9.2Mozilla Firefox 0.9.2
cpe:/a:mozilla:firefox:0.9.1Mozilla Firefox 0.9.1
cpe:/a:mozilla:firefox:1.0Mozilla Firefox 1.0
cpe:/a:mozilla:firefox:0.9.3Mozilla Firefox 0.9.3
cpe:/a:mozilla:firefox:1.0.2Mozilla Firefox 1.0.2
cpe:/a:mozilla:firefox:0.10Mozilla Firefox 0.10
cpe:/a:mozilla:firefox:0.9:rcMozilla Firefox 0.9 rc
cpe:/a:mozilla:firefox:1.0.4Mozilla Firefox 1.0.4

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:1172RHE3 Firefox External App Code Acceptance Vulnerability
oval:org.mitre.oval:def:11334Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such ...
oval:org.mitre.oval:def:1073RHE4 Firefox External App Code Acceptance Vulnerability
oval:org.mitre.oval:def:100006Firefox External App Code Acceptance Vulnerability

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  VUPEN  ADV-2005-1075
(UNKNOWN)  BID  14242

- 漏洞信息

Mozilla firefox 代码执行漏洞
高危 资料不足
2005-07-13 00:00:00 2005-10-20 00:00:00
        Firefox 1.0.5之前版本中存在代码执行漏洞。

- 公告与补丁


- 漏洞信息 (F39536)

Debian Linux Security Advisory 779-1 (PacketStormID:F39536)
2005-08-24 00:00:00

Debian Security Advisory DSA 779-1 - Several problems have been discovered in Mozilla Firefox, a lightweight web browser based on Mozilla.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 779-1                                        Martin Schulze
August 20th, 2005             
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263
                 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267
                 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 
BugTraq ID     : 14242
Debian Bug     : 318061

Several problems have been discovered in Mozilla Firefox, a
lightweight web browser based on Mozilla.  The Common Vulnerabilities
and Exposures project identifies the following problems:


    The browser user interface does not properly distinguish between
    user-generated events and untrusted synthetic events, which makes
    it easier for remote attackers to perform dangerous actions that
    normally could only be performed manually by the user.


    XML scripts ran even when Javascript disabled.


    The user can be tricked to executing arbitrary JavaScript code by
    using a JavaScript URL as wallpaper.


    It is possible for a remote attacker to execute a callback
    function in the context of another domain (i.e. frame).


    By opening a malicious link in the sidebar it is possible for
    remote attackers to steal sensitive information.


    Missing input sanitising of InstallVersion.compareTo() can cause
    the application to crash.


    Remote attackers could steal sensitive information such as cookies
    and passwords from web sites by accessing data in alien frames.


    By using standalone applications such as Flash and QuickTime to
    open a javascript: URL, it is possible for a remote attacker to
    steal sensitive information and possibly execute arbitrary code.


    It is possible for a Javascript dialog box to spoof a dialog box
    from a trusted site and facilitates phishing attacks.


    Remote attackers could modify certain tag properties of DOM nodes
    that could lead to the execution of arbitrary script or code.


    The Mozilla browser familie does not properly clone base objects,
    which allows remote attackers to execute arbitrary code.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 1.0.6-1.

We recommend that you upgrade your Mozilla Firefox packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1001 a5cf2fc8bc04662e6c192c15666011e4
      Size/MD5 checksum:   285974 45e66f5ddde0d5c016fd15268da0e522
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:
      Size/MD5 checksum: 11162656 4c8e579214a7bd4030303c6e33ec95f7
      Size/MD5 checksum:   166698 027d4c7fddb899faff3ef9928864bb71
      Size/MD5 checksum:    58528 2cff714da9bf45d1112621132f9fc940

  AMD64 architecture:
      Size/MD5 checksum:  9396736 0a28ce7a8f6f783f16c201fc0daf6e0a
      Size/MD5 checksum:   161458 f9384873ae04a233001b37088abc510a
      Size/MD5 checksum:    57012 b09a95b0f7587001540398f1a5fce173

  ARM architecture:
      Size/MD5 checksum:  8216228 9ca98872228db6ba98cf5123d642fc4b
      Size/MD5 checksum:   152944 e0dc5a23ec713373753bcdf4e774c6f7
      Size/MD5 checksum:    52362 decd529d18ee714bcf2dbe5a82e53e37

  Intel IA-32 architecture:
      Size/MD5 checksum:  8887610 54e66239bff8195d09a76a8b0c65e096
      Size/MD5 checksum:   156664 e40d4387cdf627df5706e8a83f39640d
      Size/MD5 checksum:    53906 3bc7062690df1334a92eeeae36819ea0

  Intel IA-64 architecture:
      Size/MD5 checksum: 11615046 5b41f9a2f87e8bc9017c94cd5b24b180
      Size/MD5 checksum:   167044 67972c83f83c325861b21ff6486519e9
      Size/MD5 checksum:    61720 86ecafea4b179e1739ea521402d2e53b

  HP Precision architecture:
      Size/MD5 checksum: 10264776 822d581c33a2628807fd955c1a72a66a
      Size/MD5 checksum:   164432 bf6da3e624453a2b9669f889e56c0a76
      Size/MD5 checksum:    57512 aa8ee4e91cdead5a455a70c3608ba85e

  Motorola 680x0 architecture:
      Size/MD5 checksum:  8166186 6ae9415318e2156f420b1926936f28b6
      Size/MD5 checksum:   155562 54c6667bd665e961b5bd45c2b44df43d
      Size/MD5 checksum:    53176 7c3a5484eb5d7155181653d25f927af1

  Big endian MIPS architecture:
      Size/MD5 checksum:  9917724 bc430e659978ea1114dc38c0982a5917
      Size/MD5 checksum:   154452 84399a208bda215a7983bc2f35f30bd2
      Size/MD5 checksum:    54188 f6ea0de213759e27da7dc5c06c6a5e57

  Little endian MIPS architecture:
      Size/MD5 checksum:  9802342 7e995ec5e6ee01d2ebc86d8e6e77d58a
      Size/MD5 checksum:   154006 110274d1994cfe33062244e28ee04fd6
      Size/MD5 checksum:    54012 83610c805d36e4cea229cab960a06e32

  PowerPC architecture:
      Size/MD5 checksum:  8560170 ac40dd1ebef525009556eac5f5dbeff3
      Size/MD5 checksum:   155046 ab31c9d12c13b9e63a4af5f8babcb6ad
      Size/MD5 checksum:    56300 dab2c4918f383416a2418c2327988cc1

  IBM S/390 architecture:
      Size/MD5 checksum:  9635642 2514b2a60f87aedff82c0d5c29f53f25
      Size/MD5 checksum:   162076 2a3fe0537ebeebc2ea9f1a3aa952279c
      Size/MD5 checksum:    56488 a914c752690bc8abcb6ad247d73dc041

  Sun Sparc architecture:
      Size/MD5 checksum:  8649734 60765d2a2480a9aa5b45d288a2d6df65
      Size/MD5 checksum:   155298 9aab4bf6a3a7187243b60b044ed4d80c
      Size/MD5 checksum:    52734 5af8d15d55aa1d13e80776e1079c2007

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.1 (GNU/Linux)



- 漏洞信息

Mozilla Firefox Standalone Media Player Passed URL Script Execution
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-07-13 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete