CNNVD-ID编号 | CNNVD-200604-225 |
CVE编号 | CVE-2006-1725 |
发布时间 | 2006-04-14 |
更新时间 | 2006-08-28 |
漏洞类型 | 权限许可和访问控制 |
漏洞来源 | TippingPoint http://www.tippingpoint.com/ http://www.zerodayinitiative.com/ shutdown shutdown@flashmail.com Igor Bukanov Bernd Mielke Martijn Wargers Bob Clary Tristor Michael Krax moz_bug_r_a4 moz_bug_r_a4@yahoo.com Claus Jørgensen Jesse Rud |
危险等级 | 低危 |
威胁类型 | 远程 |
厂 商 | mozilla |
Mozilla Suite/Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 XUL内容窗口与Firefox 1.5中新的faster history机制交互可能导致这些窗口变得半透明。攻击者可以利用这个漏洞诱骗用户与无法看到的窗口UI交互,导致执行任意代码。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Sun Solaris 10.0
Sun 119115-21
http://sunsolve.sun.com/
Sun Solaris 8
Sun 120671-03
http://sunsolve.sun.com/patches/
HP HP-UX B.11.23
HP Firefox v2.0.0.4
http://www.hp.com/products1/unix/java/firefox/downloads/license_firefo x_2-0-0-4.html
HP thunderbird_1.5.0.9_ia.depot.gz
For HP-UX B.11.23 and B.11.31 (IA)
http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html
HP thunderbird_1.5.0.9_pa.depot.gz
For HP-UX B.11.11, B.11.23, and B.11.31 (PA)
http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html
HP HP-UX B.11.11
HP Firefox v2.0.0.4
http://www.hp.com/products1/unix/java/firefox/downloads/license_firefo x_2-0-0-4.html
HP thunderbird_1.5.0.9_pa.depot.gz
For HP-UX B.11.11, B.11.23, and B.11.31 (PA)
http://www.hp.com/products1/unix/java/firefox/downloads/license_thunde rbird_1-5-0-8.html
Mozilla Thunderbird 0.8
Fedora Legacy thunderbird-1.0.8-1.1.fc3.4.legacy.i386.rpm
Fedora Core 3:
http://download.fedoralegacy.org/fedora/3/updates/i386/thunderbird-1.0 .8-1.1.fc3.4.legacy.i386.rpm
Fedora Legacy thunderbird-1.0.8-1.1.fc3.4.legacy.x86_64.rpm
Fedora Core 3:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/thunderbird-1 .0.8-1.1.fc3.4.legacy.x86_64.rpm
Mozilla Firefox 1.0.4
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_alpha.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_amd64.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_arm.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_hppa.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_i386.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_ia64.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_m68k.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_mips.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_mipsel.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_powerpc.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_s390.deb
Debian mozilla-firefox-dom-inspector_1.0.4-2sarge6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-dom-inspector_1.0.4-2sarge6_sparc.deb
Debian mozilla-firefox-gnome-support_1.0.4-2sarge6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla -firefox-gnome-support_1.
来源: MISC
来源: BID
名称: 17516
来源: www.mozilla.org
链接:http://www.mozilla.org/security/announce/2006/mfsa2006-29.html
来源: VUPEN
名称: ADV-2006-1356
来源: SECUNIA
名称: 19649
来源: SECUNIA
名称: 19631
来源: XF
名称: mozilla-xul-window-spoofing(25827)
来源: HP
名称: SSRT061181
链接:http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
来源: VUPEN
名称: ADV-2008-0083
来源: VUPEN
名称: ADV-2006-3748
来源: SECUNIA
名称: 22066