CVE-2005-2968
CVSS 7.5
Published: 2005-09-20 18:03:00
Revised: 2011-03-07 21:25:22

[Original] Firefox 1.0.6 and Mozilla 1.7.10 allow attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.


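[CNNVD] Mozilla Firefox arbitrary command execution vulnerability (CNNVD-200509-176)

        Mozilla Firefox is a very popular open-source web browser.
        Mozilla Firefox for Linux contains a remote command execution vulnerability: a remote attacker can execute arbitrary code on the target system by tricking a user into clicking a malicious link. The cause is an input validation error when a specially crafted URL (one with malicious shell commands enclosed in backtick characters) is processed via the command line.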
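
The failure mode described above, as an added example (not code from Mozilla or from any advisory on this page): a hypothetical launcher that lets the shell parse the URL a second time, next to one that passes it on as a single argument. `browser_stub`, the function names and the sample URL are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration: hypothetical launcher wrappers, not the script shipped
# by Mozilla. All names and the sample URL are constructed.

# Stand-in for the browser binary (assumption): records the first argument it
# actually received and how many arguments arrived.
browser_stub() {
    RECEIVED=$1
    ARGC=$#
}

# Unsafe pattern: the URL is spliced into a command string that the shell
# parses again, so backticks, $(...), ';', '|' and spaces inside the URL are
# interpreted as shell syntax instead of being treated as data.
launch_unsafe() {
    RECEIVED=
    ARGC=0
    eval "browser_stub $1"
}

# Hardened pattern: the URL is expanded once, inside double quotes, and
# reaches the program as exactly one argv element with no re-parsing.
launch_safe() {
    RECEIVED=
    ARGC=0
    browser_stub "$1"
}

# Defence in depth for programs that hand URLs to a default browser: flag
# URLs containing characters a shell would act on. '&' is deliberately not
# listed because it is legitimate in query strings, which is why filtering
# alone is brittle and correct quoting (launch_safe) is the actual fix.
url_has_shell_meta() {
    case $1 in
        *'`'*|*'$'*|*';'*|*'|'*|*'<'*|*'>'*|*'('*|*')'*|*'\'*|*'"'*|*"'"*|*' '*)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Constructed sample input; the embedded command is a harmless echo.
SAMPLE_URL='http://example.invalid/`echo INJECTED`'
```

With `SAMPLE_URL`, `launch_unsafe` hands the stub a URL in which the backtick section has been replaced by the command's output, while `launch_safe` delivers the URL byte for byte.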

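- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]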

- CPE (affected platforms and products)

cpe:/a:mozilla:mozilla:1.7.10::linux
cpe:/a:mozilla:firefox:1.0.6::linux

- OVAL (technical details for detection)

oval:org.mitre.oval:def:11105  Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the br...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2968
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2968
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-176
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/914681
(UNKNOWN)  CERT-VN  VU#914681
https://bugzilla.mozilla.org/show_bug.cgi?id=307185
(VENDOR_ADVISORY)  CONFIRM  https://bugzilla.mozilla.org/show_bug.cgi?id=307185
http://secunia.com/advisories/16869
(VENDOR_ADVISORY)  SECUNIA  16869
http://www.vupen.com/english/advisories/2005/1824
(UNKNOWN)  VUPEN  ADV-2005-1824
http://www.vupen.com/english/advisories/2005/1794
(UNKNOWN)  VUPEN  ADV-2005-1794
http://www.ubuntu.com/usn/usn-186-2
(UNKNOWN)  UBUNTU  USN-186-2
http://www.ubuntu.com/usn/usn-186-1
(UNKNOWN)  UBUNTU  USN-186-1
http://www.redhat.com/support/errata/RHSA-2005-785.html
(UNKNOWN)  REDHAT  RHSA-2005:785
http://www.mozilla.org/security/announce/mfsa2005-58.html
(UNKNOWN)  CONFIRM  http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.ubuntu.com/usn/usn-200-1
(UNKNOWN)  UBUNTU  USN-200-1
http://www.securityfocus.com/bid/15495
(UNKNOWN)  BID  15495
http://www.securityfocus.com/bid/14888
(UNKNOWN)  BID  14888
http://www.redhat.com/support/errata/RHSA-2005-791.html
(UNKNOWN)  REDHAT  RHSA-2005:791
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
(UNKNOWN)  MANDRIVA  MDKSA-2005:174
http://www.debian.org/security/2005/dsa-868
(UNKNOWN)  DEBIAN  DSA-868
http://www.debian.org/security/2005/dsa-866
(UNKNOWN)  DEBIAN  DSA-866
http://secunia.com/advisories/17284
(UNKNOWN)  SECUNIA  17284
http://secunia.com/advisories/17263
(UNKNOWN)  SECUNIA  17263
http://secunia.com/advisories/17149
(UNKNOWN)  SECUNIA  17149
http://secunia.com/advisories/17090
(UNKNOWN)  SECUNIA  17090
http://secunia.com/advisories/17042
(UNKNOWN)  SECUNIA  17042
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
(UNKNOWN)  SCO  SCOSA-2005.49

- Vulnerability information

Mozilla Firefox arbitrary command execution vulnerability
High risk    Insufficient information
2005-09-20 00:00:00 2005-10-20 00:00:00
Remote ※ Local

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.mozilla.org/products/firefox/

- Vulnerability information (F40896)

Debian Linux Security Advisory 866-1 (PacketStormID:F40896)
2005-10-25 00:00:00
Debian  security.debian.org
advisory
linux,debian
CVE-2005-2871,CVE-2005-2701,CVE-2005-2702,CVE-2005-2703,CVE-2005-2704,CVE-2005-2705,CVE-2005-2706,CVE-2005-2707,CVE-2005-2968

Debian Security Advisory DSA 866-1 - Several security-related problems have been discovered in Mozilla and derived programs.


--------------------------------------------------------------------------
Debian Security Advisory DSA 866-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 20th, 2005                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-2871 CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 
                 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
                 CAN-2005-2968 
Debian Bug     : 327366 329778

Several security-related problems have been discovered in Mozilla and
derived programs.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CAN-2005-2871

    Tom Ferris discovered a bug in the IDN hostname handling of
    Mozilla that allows remote attackers to cause a denial of service
    and possibly execute arbitrary code via a hostname with dashes.

CAN-2005-2701

    A buffer overflow allows remote attackers to execute arbitrary
    code via an XBM image file that ends in a large number of spaces
    instead of the expected end tag.

CAN-2005-2702

    Mats Palmgren discovered a buffer overflow in the Unicode string
    parser that allows a specially crafted Unicode sequence to
    overflow a buffer and cause arbitrary code to be executed.

CAN-2005-2703

    Remote attackers could spoof HTTP headers of XML HTTP requests
    via XMLHttpRequest and possibly use the client to exploit
    vulnerabilities in servers or proxies.

CAN-2005-2704

    Remote attackers could spoof DOM objects via an XBL control that
    implements an internal XPCOM interface.

CAN-2005-2705

    Georgi Guninski discovered an integer overflow in the JavaScript
    engine that might allow remote attackers to execute arbitrary
    code.

CAN-2005-2706

    Remote attackers could execute Javascript code with chrome
    privileges via an about: page such as about:mozilla.

CAN-2005-2707

    Remote attackers could spawn windows without user interface
    components such as the address and status bar that could be used
    to conduct spoofing or phishing attacks.

CAN-2005-2968

    Peter Zelezny discovered that shell metacharacters are not
    properly escaped when they are passed to a shell script and allow
    the execution of arbitrary commands, e.g. when a malicious URL is
    automatically copied from another program into Mozilla as default
    browser.

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 1.7.12-1.

We recommend that you upgrade your mozilla package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


- Vulnerability information (F40628)

Ubuntu Security Notice 200-1 (PacketStormID:F40628)
2005-10-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,overflow,arbitrary,shell,javascript,vulnerability
linux,ubuntu
CVE-2005-2701,CVE-2005-2702,CVE-2005-2703,CVE-2005-2704,CVE-2005-2705,CVE-2005-2706,CVE-2005-2707,CVE-2005-2968

Ubuntu Security Notice USN-200-1 - Multiple vulnerabilities exist in the mozilla-thunderbird package. A buffer overflow was discovered in the XBM image handler. By tricking a user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges. Mats Palmgren discovered a buffer overflow in the Unicode string parser. Unicode strings that contained zero-width non-joiner characters caused a browser crash, which could possibly even be exploited to execute arbitrary code with the user's privileges. Georgi Guninski reported an integer overflow in the JavaScript engine. This could be exploited to run arbitrary code under some conditions. Peter Zelezny discovered that URLs which are passed to Thunderbird on the command line are not correctly protected against interpretation by the shell. If Thunderbird is configured as the default handler for mailto: URLs, this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client).

===========================================================
Ubuntu Security Notice USN-200-1	   October 11, 2005
mozilla-thunderbird vulnerabilities
CAN-2005-2701, CAN-2005-2702, CAN-2005-2703, CAN-2005-2704,
CAN-2005-2705, CAN-2005-2706, CAN-2005-2707, CAN-2005-2968
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-thunderbird

The problem can be corrected by upgrading the affected package to
version 1.0.7-0ubuntu04.10 (for Ubuntu 4.10), or 1.0.7-0ubuntu05.04
(for Ubuntu 5.04).  After a standard system upgrade you need to
restart Thunderbird to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the XBM image handler. By tricking
a user into opening a specially crafted XBM image, an attacker could
exploit this to execute arbitrary code with the user's privileges.
(CAN-2005-2701)

Mats Palmgren discovered a buffer overflow in the Unicode string
parser. Unicode strings that contained "zero-width non-joiner"
characters caused a browser crash, which could possibly even be
exploited to execute arbitrary code with the user's privileges.
(CAN-2005-2702)

Georgi Guninski reported an integer overflow in the JavaScript engine.
This could be exploited to run arbitrary code under some conditions.
(CAN-2005-2705)

Peter Zelezny discovered that URLs which are passed to Thunderbird on the
command line are not correctly protected against interpretation by the shell.
If Thunderbird is configured as the default handler for "mailto:" URLs, this
could be exploited to execute arbitrary code with user privileges by tricking
the user into clicking on a specially crafted URL (for example, in an email or
chat client).  (CAN-2005-2968)

This update also fixes some less critical issues which are described
at http://www.mozilla.org/security/announce/mfsa2005-58.html.
(CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707)

The "enigmail" plugin has been updated to work with the new
Thunderbird and Mozilla versions.

Updated packages for Ubuntu 4.10:


Updated packages for Ubuntu 5.04:

    

- Vulnerability information (F40318)

Mandriva Linux Security Advisory 2005.169 (PacketStormID:F40318)
2005-09-28 00:00:00
Mandriva  mandriva.com
advisory,vulnerability
linux,mandriva
CVE-2005-2702,CVE-2005-2703,CVE-2005-2704,CVE-2005-2705,CVE-2005-2706,CVE-2005-2707,CVE-2005-2968

Mandriva Linux Security Update Advisory - A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           mozilla-firefox
 Advisory ID:            MDKSA-2005:169
 Date:                   September 26th, 2005

 Affected versions:	 10.2
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities have been discovered in Mozilla Firefox
 that have been corrected in version 1.0.7:
 
 A bug in the way Firefox processes XBM images could be used to execute
 arbitrary code via a specially crafted XBM image file (CAN-2005-2701).
 
 A bug in the way Firefox handles certain Unicode sequences could be
 used to execute arbitrary code via viewing a specially crafted Unicode
 sequence (CAN-2005-2702).
 
 A bug in the way Firefox makes XMLHttp requests could be abused by a
 malicious web page to exploit other proxy or server flaws from the
 victim's machine; however, the default behaviour of the browser is to
 disallow this (CAN-2005-2703).
 
 A bug in the way Firefox implemented its XBL interface could be abused
 by a malicious web page to create an XBL binding in such a way as to
 allow arbitrary JavaScript execution with chrome permissions
 (CAN-2005-2704).
 
 An integer overflow in Firefox's JavaScript engine could be manipulated
 in certain conditions to allow a malicious web page to execute
 arbitrary code (CAN-2005-2705).
 
 A bug in the way Firefox displays about: pages could be used to execute
 JavaScript with chrome privileges (CAN-2005-2706).
 
 A bug in the way Firefox opens new windows could be used by a malicious
 web page to construct a new window without any user interface elements
 (such as address bar and status bar) that could be used to potentially
 mislead the user (CAN-2005-2707).
 
 A bug in the way Firefox processed URLs on the command line could be
 used to execute arbitrary commands as the user running Firefox; this
 could be abused by clicking on a supplied link, such as from an instant
 messaging client (CAN-2005-2968).
 
 The updated packages have been patched to address these issues and all
 users are urged to upgrade immediately.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968
  http://www.mozilla.org/security/announce/mfsa2005-58.html
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

    

- Vulnerability information (F40238)

Ubuntu Security Notice 186-1 (PacketStormID:F40238)
2005-09-24 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,shell
linux,ubuntu
CVE-2005-2968

Ubuntu Security Notice USN-186-1 - Peter Zelezny discovered that URLs which are passed to Firefox or Mozilla on the command line are not correctly protected against interpretation by the shell. If Firefox or Mozilla is configured as the default handler for URLs (which is the default in Ubuntu), this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client).

===========================================================
Ubuntu Security Notice USN-186-1	 September 23, 2005
mozilla, mozilla-firefox vulnerabilities
CAN-2005-2968, MFSA-2005-58
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-browser
mozilla-calendar
mozilla-mailnews
mozilla-firefox

On Ubuntu 4.10, the problem can be corrected by upgrading the affected
package to version 2:1.7.12-0ubuntu04.10 (mozilla-browser,
mozilla-calendar, mozilla-mailnews).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected
package to version 2:1.7.12-0ubuntu05.04 (mozilla-browser,
mozilla-calendar, mozilla-mailnews) and 1.0.7-0ubuntu0.1
(mozilla-firefox).

After a standard system upgrade you need to restart all Firefox and
Mozilla browsers to effect the necessary changes.

Note: The Ubuntu 4.10 version of Firefox is also affected by this. An
update will follow shortly.

Details follow:

Peter Zelezny discovered that URLs which are passed to Firefox or
Mozilla on the command line are not correctly protected against
interpretation by the shell. If Firefox or Mozilla is configured as
the default handler for URLs (which is the default in Ubuntu), this
could be exploited to execute arbitrary code with user privileges by
tricking the user into clicking on a specially crafted URL (for
example, in an email or chat client).  (CAN-2005-2968, MFSA-2005-59)

A buffer overflow was discovered in the XBM image handler. By tricking
a user into opening a specially crafted XBM image, an attacker could
exploit this to execute arbitrary code with the user's privileges.
(MFSA-2005-58)

Mats Palmgren discovered a buffer overflow in the Unicode string
parser. Unicode strings that contained "zero-width non-joiner"
characters caused a browser crash, which could possibly even be
exploited to execute arbitrary code with the user's privileges.
(MFSA-2005-58)

Georgi Guninski reported an integer overflow in the JavaScript engine.
This could be exploited to run arbitrary code under some conditions.
(MFSA-2005-58)

This update also fixes some less critical issues which are described
at http://www.mozilla.org/security/announce/mfsa2005-58.html.


Updated packages for Ubuntu 4.10 (Warty Warthog):


Updated packages for Ubuntu 5.04 (Hoary Hedgehog):


    

- Vulnerability Information

19589
Mozilla Products Command Line URL Arbitrary Shell Command Injection

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-09-20 2005-09-06
2005-09-20 Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Mozilla Browser/Firefox Arbitrary Command Execution Vulnerability
Input Validation Error 14888
Yes No
2005-09-20 12:00:00 2009-07-12 05:06:00
Discovery is credited to Peter Zelezny.

- Affected Versions

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux -current
SGI ProPack 3.0 SP6
Red Hat Fedora Core4
Red Hat Fedora Core3
Mozilla Thunderbird 1.0.6
Mozilla Thunderbird 1.0.5
Mozilla Thunderbird 1.0.2
Mozilla Thunderbird 1.0.1
Mozilla Thunderbird 1.0
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.2
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
Mozilla Browser 1.7.11
Mozilla Browser 1.7.9
Mozilla Browser 1.7.8
Mozilla Browser 1.7.7
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
Mozilla Browser 1.7.6
+ HP HP-UX B.11.23
+ HP HP-UX B.11.22
+ HP HP-UX B.11.11
+ HP HP-UX B.11.00
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
Mozilla Browser 1.7.5
+ HP Tru64 5.1 B-2 PK4 (BL25)
+ HP Tru64 5.1 B-2 PK4
+ HP Tru64 5.1 B PK4
+ HP Tru64 5.1 A PK6 (BL24)
+ HP Tru64 5.1 A PK6
Mozilla Browser 1.7.4
Mozilla Browser 1.7.3
+ HP HP-UX B.11.23
+ HP HP-UX B.11.22
+ HP HP-UX B.11.11
+ HP HP-UX B.11.00
+ HP Tru64 5.1 B-2 PK4 (BL25)
+ HP Tru64 5.1 B-2 PK4
+ HP Tru64 5.1 B PK4
+ HP Tru64 5.1 A PK6 (BL24)
+ HP Tru64 5.1 A PK6
Mozilla Browser 1.7.2
Mozilla Browser 1.7.1
Mozilla Browser 1.7 rc3
Mozilla Browser 1.7 rc2
Mozilla Browser 1.7 rc1
Mozilla Browser 1.7 beta
Mozilla Browser 1.7 alpha
Mozilla Browser 1.7
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0

- Unaffected Versions

Mozilla Thunderbird 1.0.7
Mozilla Firefox 1.0.7
Mozilla Browser 1.7.12

- Vulnerability Discussion

Mozilla Browser/Firefox are affected by an arbitrary command-execution vulnerability.

This attack would occur in the context of the user running the vulnerable application and may facilitate unauthorized remote access.

Mozilla Firefox 1.0.6 running on UNIX-based platforms is reportedly vulnerable. Other versions and applications employing Firefox functionality may be vulnerable as well.

Mozilla Browser 1.7.x versions and Thunderbird 1.x versions are also vulnerable to this issue.

- Exploit

An exploit is not required.

The following proof of concept example was provided:
http://local\`find\`host
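
The second-parse failure behind this issue, shown as an added example that is not part of the original advisory or of Mozilla's launcher script. `fake_browser`, `launch_unsafe`, `launch_safe` and `has_substitution_chars` are hypothetical names, and the sample URL is constructed with a harmless `echo` in the backticks.

```shell
#!/bin/sh
# Added illustration; all names are hypothetical, not taken from Mozilla's launcher.

# Stand-in for the browser binary: echoes back the one argument it was given.
fake_browser() {
    printf '%s' "$1"
}

# Unsafe pattern: the URL is pasted into a command string that the shell
# parses a second time, so backticks and $(...) inside it are executed.
launch_unsafe() {
    eval "fake_browser \"$1\""
}

# Safe pattern: the URL stays a single quoted argument and is never re-parsed.
launch_safe() {
    fake_browser "$1"
}

# Conservative pre-check for wrappers that cannot avoid a second parse:
# returns 0 when the URL carries a substitution, quoting or escape character.
has_substitution_chars() {
    case $1 in
        *'`'*|*'$'*|*'"'*|*\\*) return 0 ;;
    esac
    return 1
}

# Constructed sample: a harmless echo sits where a command would be.
SAMPLE_URL='http://local`echo INJECTED`host'

demo() {
    printf 'unsafe launcher passed: %s\n' "$(launch_unsafe "$SAMPLE_URL")"
    printf 'safe launcher passed:   %s\n' "$(launch_safe "$SAMPLE_URL")"
    if has_substitution_chars "$SAMPLE_URL"; then
        printf 'pre-check: rejected\n'
    fi
}

demo
```

The unsafe launcher hands the browser a URL in which the backtick text has already been replaced by command output, while the safe launcher delivers the string byte for byte.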

- Solution


Please see the referenced advisories for further information.


Mozilla Firefox 1.0.2

Mozilla Thunderbird 1.0.2

Mozilla Thunderbird 1.0.5

Mozilla Thunderbird 1.0.6

Mozilla Firefox 1.0.6

Mozilla Browser 1.7 rc1

Mozilla Browser 1.7

Mozilla Browser 1.7 rc2

Mozilla Browser 1.7 alpha

Mozilla Browser 1.7 beta

Mozilla Browser 1.7 rc3

Mozilla Browser 1.7.1

Mozilla Browser 1.7.11

Mozilla Browser 1.7.2

Mozilla Browser 1.7.3

Mozilla Browser 1.7.4

Mozilla Browser 1.7.5

Mozilla Browser 1.7.6

Mozilla Browser 1.7.7

Mozilla Browser 1.7.8

- Related References

 

 
