| CNNVD-ID编号 | CNNVD-201907-480 |
| CVE编号 | CVE-2019-11712 |
| 发布时间 | 2019-07-09 |
| 更新时间 | 2019-12-12 |
| 漏洞类型 | 跨站请求伪造 |
| 漏洞来源 | Gregory Smiley of Security Compass, Rakesh Mane, Linus S?¤rud, Christian Holler, Linus S?¤rud, Henry Corrigan-Gibbs, Rakesh Mane, Boris Zbarsky, an,Niklas Baumstark, Jonas Allmann, Jonas Allmann, Andreea Pavel, Tyson Smith,Debian, Luigi Gubello, Luigi Gubello, Honza Bambas, Gregory Smiley of Security Compass, Tyson Smith, Jason Kratzer, Hanno B??ck |
| 危险等级 | 高危 |
| 威胁类型 | 远程 |
| 厂 商 | N/A |
Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。
Mozilla Firefox 68之前版本和Firefox ESR 60.8之前版本中存在跨站请求伪造漏洞。该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。
目前厂商已发布升级了Mozilla Firefox和Firefox ESR 跨站请求伪造漏洞的补丁,Mozilla Firefox和Firefox ESR 跨站请求伪造漏洞的补丁获取链接:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
来源:usn.ubuntu.com
来源:usn.ubuntu.com
来源:usn.ubuntu.com
来源:www.mozilla.org
链接:https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
来源:www.mozilla.org
链接:https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/
来源:www.mozilla.org
链接:https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
来源:www.mozilla.com
来源:usn.ubuntu.com
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html
来源:www.debian.org
来源:www.debian.org
来源:www.securityfocus.com
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153617/Debian-Security-Advisory-4479-1.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153640/Debian-Security-Advisory-4482-1.html
来源:www.auscert.org.au
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Mozilla-Firefox-multiple-vulnerabilities-29717
来源:www.auscert.org.au
暂无