CVE-2006-1729
CVSS4.3
发布时间 :2006-04-14 06:02:00
修订时间 :2011-09-21 00:00:00
NMCOP    

[原文]Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.


[CNNVD]Mozilla Suite/Firefox/SeaMonkey 远程安全漏洞(CNNVD-200604-227)

        Mozilla Suite/Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
        Mozilla Firefox 1.x 以前的 1.5.0.2 和 1.0.x 以前的 1.0.8, Mozilla Suite 以前的 1.7.13, 和 SeaMonkey 以前的 1.0.1版本允许攻击者可以通过首先在弹出窗口中加载目标安全站点然后将站点位置更改至不同位置的方式欺骗浏览器的安全站点标识符。如果用户打开了"输入安全站点"模式警告对话框的话,就可以在显示对话框的时候更改窗口位置,而原始站点的安全浏览标识符保持不变。

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-20 [输入验证不恰当]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:firefox:1.5:beta1Mozilla Firefox 1.5 Beta 1
cpe:/a:mozilla:mozilla_suite:1.7.8Mozilla Mozilla Suite 1.7.8
cpe:/a:mozilla:firefox:1.5.0.1Mozilla Firefox 1.5.0.1
cpe:/a:mozilla:thunderbird:1.0.7Mozilla Thunderbird 1.0.7
cpe:/a:mozilla:mozilla_suite:1.7.6Mozilla Mozilla Suite 1.7.6
cpe:/a:mozilla:firefox:1.0.5Mozilla Firefox 1.0.5
cpe:/a:mozilla:firefox:1.0.4Mozilla Firefox 1.0.4
cpe:/a:mozilla:thunderbird:1.5:beta2Mozilla Thunderbird 1.5 Beta 2
cpe:/a:mozilla:firefox:1.0.6Mozilla Firefox 1.0.6
cpe:/a:mozilla:firefox:1.0.7Mozilla Firefox 1.0.7
cpe:/a:mozilla:thunderbird:1.5.0.1Mozilla Thunderbird 1.5.0.1
cpe:/a:mozilla:thunderbird:1.0Mozilla Thunderbird 1.0
cpe:/a:mozilla:seamonkey:1.0::alpha
cpe:/a:mozilla:firefox:1.0.3Mozilla Firefox 1.0.3
cpe:/a:mozilla:thunderbird:1.0.4Mozilla Thunderbird 1.0.4
cpe:/a:mozilla:thunderbird:1.5Mozilla Thunderbird 1.5
cpe:/a:mozilla:firefox:1.0.1Mozilla Firefox 1.0.1
cpe:/a:mozilla:seamonkey:1.0:betaMozilla SeaMonkey 1.0 beta
cpe:/a:mozilla:thunderbird:1.0.5:betaMozilla Thunderbird 1.0.5 Beta
cpe:/a:mozilla:firefox:1.0.2Mozilla Firefox 1.0.2
cpe:/a:mozilla:firefox:1.5Mozilla Firefox 1.5
cpe:/a:mozilla:thunderbird:1.0.5Mozilla Thunderbird 1.0.5
cpe:/a:mozilla:thunderbird:1.0.1Mozilla Thunderbird 1.0.1
cpe:/a:mozilla:mozilla_suite:1.7.12Mozilla Mozilla Suite 1.7.12
cpe:/a:mozilla:mozilla_suite:1.7.11Mozilla Mozilla Suite 1.7.11
cpe:/a:mozilla:mozilla_suite:1.7.7Mozilla Mozilla Suite 1.7.7
cpe:/a:mozilla:firefox:1.0Mozilla Firefox 1.0
cpe:/a:mozilla:firefox:1.5:beta2Mozilla Firefox 1.5 Beta 2
cpe:/a:mozilla:thunderbird:1.0.3Mozilla Thunderbird 1.0.3
cpe:/a:mozilla:thunderbird:1.0.2Mozilla Thunderbird 1.0.2
cpe:/a:mozilla:thunderbird:1.0.6Mozilla Thunderbird 1.0.6
cpe:/a:mozilla:mozilla_suite:1.7.10Mozilla Mozilla Suite 1.7.10

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:1929Mozilla File Stealing by Changing Input Type
oval:org.mitre.oval:def:10922Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers t...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1729
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-227
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/25823
(UNKNOWN)  XF  mozilla-textbox-file-access(25823)
http://www.vupen.com/english/advisories/2008/0083
(VENDOR_ADVISORY)  VUPEN  ADV-2008-0083
http://www.vupen.com/english/advisories/2006/3748
(VENDOR_ADVISORY)  VUPEN  ADV-2006-3748
http://www.vupen.com/english/advisories/2006/3391
(VENDOR_ADVISORY)  VUPEN  ADV-2006-3391
http://www.vupen.com/english/advisories/2006/1356
(VENDOR_ADVISORY)  VUPEN  ADV-2006-1356
http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
(UNKNOWN)  UBUNTU  USN-275-1
http://www.ubuntulinux.org/support/documentation/usn/usn-271-1
(UNKNOWN)  UBUNTU  USN-271-1
http://www.securityfocus.com/bid/17516
(UNKNOWN)  BID  17516
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
(UNKNOWN)  HP  HPSBUX02153
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
(UNKNOWN)  HP  HPSBUX02153
http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:189137-2
http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:189137-1
http://www.redhat.com/support/errata/RHSA-2006-0329.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0329
http://www.redhat.com/support/errata/RHSA-2006-0328.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0328
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
(UNKNOWN)  FEDORA  FEDORA-2006-411
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
(UNKNOWN)  FEDORA  FEDORA-2006-410
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
(UNKNOWN)  SUSE  SUSE-SA:2006:035
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
(UNKNOWN)  CONFIRM  http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
(UNKNOWN)  MANDRIVA  MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
(UNKNOWN)  MANDRIVA  MDKSA-2006:075
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
(UNKNOWN)  GENTOO  GLSA-200604-18
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
(UNKNOWN)  GENTOO  GLSA-200604-12
http://www.debian.org/security/2006/dsa-1051
(UNKNOWN)  DEBIAN  DSA-1051
http://www.debian.org/security/2006/dsa-1046
(UNKNOWN)  DEBIAN  DSA-1046
http://www.debian.org/security/2006/dsa-1044
(UNKNOWN)  DEBIAN  DSA-1044
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
(UNKNOWN)  SUNALERT  228526
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
(UNKNOWN)  SUNALERT  102550
http://secunia.com/advisories/22066
(VENDOR_ADVISORY)  SECUNIA  22066
http://secunia.com/advisories/21622
(VENDOR_ADVISORY)  SECUNIA  21622
http://secunia.com/advisories/21033
(VENDOR_ADVISORY)  SECUNIA  21033
http://secunia.com/advisories/19941
(VENDOR_ADVISORY)  SECUNIA  19941
http://secunia.com/advisories/19902
(VENDOR_ADVISORY)  SECUNIA  19902
http://secunia.com/advisories/19863
(VENDOR_ADVISORY)  SECUNIA  19863
http://secunia.com/advisories/19862
(VENDOR_ADVISORY)  SECUNIA  19862
http://secunia.com/advisories/19852
(VENDOR_ADVISORY)  SECUNIA  19852
http://secunia.com/advisories/19811
(VENDOR_ADVISORY)  SECUNIA  19811
http://secunia.com/advisories/19794
(VENDOR_ADVISORY)  SECUNIA  19794
http://secunia.com/advisories/19759
(VENDOR_ADVISORY)  SECUNIA  19759
http://secunia.com/advisories/19746
(VENDOR_ADVISORY)  SECUNIA  19746
http://secunia.com/advisories/19729
(VENDOR_ADVISORY)  SECUNIA  19729
http://secunia.com/advisories/19721
(VENDOR_ADVISORY)  SECUNIA  19721
http://secunia.com/advisories/19714
(VENDOR_ADVISORY)  SECUNIA  19714
http://secunia.com/advisories/19696
(VENDOR_ADVISORY)  SECUNIA  19696
http://secunia.com/advisories/19649
(VENDOR_ADVISORY)  SECUNIA  19649
http://secunia.com/advisories/19631
(VENDOR_ADVISORY)  SECUNIA  19631
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
(UNKNOWN)  SUSE  SUSE-SA:2006:021
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
(UNKNOWN)  SGI  20060404-01-U
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
(UNKNOWN)  SCO  SCOSA-2006.26

- 漏洞信息

Mozilla Suite/Firefox/SeaMonkey 远程安全漏洞
中危 输入验证
2006-04-14 00:00:00 2009-07-28 00:00:00
远程  
        Mozilla Suite/Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
        Mozilla Firefox 1.x 以前的 1.5.0.2 和 1.0.x 以前的 1.0.8, Mozilla Suite 以前的 1.7.13, 和 SeaMonkey 以前的 1.0.1版本允许攻击者可以通过首先在弹出窗口中加载目标安全站点然后将站点位置更改至不同位置的方式欺骗浏览器的安全站点标识符。如果用户打开了"输入安全站点"模式警告对话框的话,就可以在显示对话框的时候更改窗口位置,而原始站点的安全浏览标识符保持不变。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Sun Solaris 10.0
        Sun 119115-21
        http://sunsolve.sun.com/
        Sun Solaris 8
        Sun 120671-03
        http://sunsolve.sun.com/patches/
        HP HP-UX B.11.23
        HP Firefox v2.0.0.4
        http://www.hp.com/products1/unix/java/firefox/downloads/license_firefo x_2-0-0-4.html
        HP thunderbird_1.5.0.9_ia.depot.gz
        For HP-UX B.11.23 and B.11.31 (IA)
        http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html
        HP thunderbird_1.5.0.9_pa.depot.gz
        For HP-UX B.11.11, B.11.23, and B.11.31 (PA)
        http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html
        HP HP-UX B.11.11
        HP Firefox v2.0.0.4
        http://www.hp.com/products1/unix/java/firefox/downloads/license_firefo x_2-0-0-4.html
        HP thunderbird_1.5.0.9_pa.depot.gz
        For HP-UX B.11.11, B.11.23, and B.11.31 (PA)
        http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html
        Mozilla Thunderbird 0.8
        Fedora Legacy thunderbird-1.0.8-1.1.fc3.4.legacy.i386.rpm
        Fedora Core 3:
        http://download.fedoralegacy.org/fedora/3/updates/i386/thunderbird-1.0 .8-1.1.fc3.4.legacy.i386.rpm
        Fedora Legacy thunderbird-1.0.8-1.1.fc3.4.legacy.x86_64.rpm
        Fedora Core 3:
        http://download.fedoralegacy.org/fedora/3/updates/x86_64/thunderbird-1 .0.8-1.1.fc3.4.legacy.x86_64.rpm
        Mozilla Firefox 1.0.4
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_alpha.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_amd64.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_arm.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_hppa.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_i386.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_ia64.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_m68k.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_mips.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_mipsel.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_powerpc.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_s390.deb
        Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_sparc.deb
        Debian mozilla-firefox-gnome-support_1.0.4-2sarge6_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-gnome-support_1.

- 漏洞信息 (F46106)

Debian Linux Security Advisory 1051-1 (PacketStormID:F46106)
2006-05-06 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2005-2353,CVE-2005-4134,CVE-2006-0292,CVE-2006-0293,CVE-2006-0296,CVE-2006-0748,CVE-2006-0749,CVE-2006-0884,CVE-2006-1045,CVE-2006-1529,CVE-2006-1530,CVE-2006-1531,CVE-2006-1723,CVE-2006-1724,CVE-2006-1727,CVE-2006-1728,CVE-2006-1729,CVE-2006-1730
[点击下载]

Debian Security Advisory 1051-1 - Several security related problems have been discovered in Mozilla Thunderbird. This advisory addresses those issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1051-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 4th, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293
                 CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884
                 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531
                 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728
                 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733
                 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737
                 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741
                 CVE-2006-1742 CVE-2006-1790
CERT advisories: VU#179014 VU#252324 VU#329500 VU#350262 VU#488774 VU#492382
                 VU#592425 VU#736934 VU#813230 VU#842094 VU#932734 VU#935556
BugTraq IDs    : 15773 16476 16476 16770 16881 17516

Several security related problems have been discovered in Mozilla
Thunderbird.  The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2005-2353

    The "run-mozilla.sh" script allows local users to create or
    overwrite arbitrary files when debugging is enabled via a symlink
    attack on temporary files.

CVE-2005-4134

    Web pages with extremely long titles cause subsequent launches of
    the browser to appear to "hang" for up to a few minutes, or even
    crash if the computer has insufficient memory.  [MFSA-2006-03]

CVE-2006-0292

    The Javascript interpreter does not properly dereference objects,
    which allows remote attackers to cause a denial of service or
    execute arbitrary code.  [MFSA-2006-01]

CVE-2006-0293

    The function allocation code allows attackers to cause a denial of
    service and possibly execute arbitrary code.  [MFSA-2006-01]

CVE-2006-0296

    XULDocument.persist() did not validate the attribute name,
    allowing an attacker to inject arbitrary XML and JavaScript code
    into localstore.rdf that would be read and acted upon during
    startup.  [MFSA-2006-05]

CVE-2006-0748

    An anonymous researcher for TippingPoint and the Zero Day
    Initiative reported that an invalid and nonsensical ordering of
    table-related tags can be exploited to execute arbitrary code.
    [MFSA-2006-27]

CVE-2006-0749

    A particular sequence of HTML tags can cause memory corruption
    that can be exploited to exectute arbitary code.  [MFSA-2006-18]

CVE-2006-0884

    Georgi Guninski reports that forwarding mail in-line while using
    the default HTML "rich mail" editor will execute JavaScript
    embedded in the e-mail message with full privileges of the client.
    [MFSA-2006-21]

CVE-2006-1045

    The HTML rendering engine does not properly block external images
    from inline HTML attachments when "Block loading of remote images
    in mail messages" is enabled, which could allow remote attackers
    to obtain sensitive information.  [MFSA-2006-26]

CVE-2006-1529

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1530

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1531

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1723

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1724

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1727

    Georgi Guninski reported two variants of using scripts in an XBL
    control to gain chrome privileges when the page is viewed under
    "Print Preview".under "Print Preview".  [MFSA-2006-25]

CVE-2006-1728

    "shutdown" discovered that the crypto.generateCRMFRequest method
    can be used to run arbitrary code with the privilege of the user
    running the browser, which could enable an attacker to install
    malware.  [MFSA-2006-24]

CVE-2006-1729

    Claus J    

- 漏洞信息

24678
Mozilla Multiple Products Text Box Arbitrary File Access
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-04-13 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站