CVE编号
CVE-2012-4192利用情况
暂无补丁情况
官方补丁披露时间
2012-10-12漏洞描述
Mozilla Firefox是Mozilla所发布的WEB浏览器。Mozilla Firefox不正确限制其他域对象对保护的"location"对象的访问,允许攻击者构建恶意WEB页,诱使用户解析,可绕过同源策略获得敏感信息。解决建议
Mozilla Firefox 16.0.1已经修复此漏洞,建议用户下载使用:http://www.mozilla.com/en-US/
参考链接 |
|
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html | |
| http://secunia.com/advisories/50904 | |
| http://secunia.com/advisories/50929 | |
| http://secunia.com/advisories/50984 | |
| http://secunia.com/advisories/55318 | |
| http://www.mozilla.org/security/announce/2012/mfsa2012-89.html | |
| http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-la... | |
| http://www.ubuntu.com/usn/USN-1608-1 | |
| http://www.ubuntu.com/usn/USN-1611-1 | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=799952 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79210 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | mozilla | firefox | 16.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | mozilla | seamonkey | 2.13 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | mozilla | thunderbird | 16.0 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | libfreebl3-debuginfo-32bit | * |
Up to (excluding) 24.8.0-127.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | mozilla-nss-certs | * |
Up to (excluding) 24.8.0-127.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | mozilla-nss-debuginfo-32bit | * |
Up to (excluding) 24.8.0-127.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | mozilla-nss-sysinit-32bit | * |
Up to (excluding) 24.8.0-127.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | mozilla-nss-sysinit-debuginfo | * |
Up to (excluding) 24.8.0-127.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.1 | libfreebl3-debuginfo-32bit | * |
Up to (excluding) 16.0.1-2.46.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.1 | mozilla-nss-certs | * |
Up to (excluding) 16.0.1-2.46.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.1 | mozilla-nss-debuginfo-32bit | * |
Up to (excluding) 16.0.1-2.46.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.1 | mozilla-nss-sysinit-32bit | * |
Up to (excluding) 16.0.1-2.46.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.1 | mozilla-nss-sysinit-debuginfo | * |
Up to (excluding) 16.0.1-2.46.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.2 | libfreebl3-debuginfo-32bit | * |
Up to (excluding) 16.0.1-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.2 | mozilla-nss-certs | * |
Up to (excluding) 16.0.1-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.2 | mozilla-nss-debuginfo-32bit | * |
Up to (excluding) 16.0.1-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.2 | mozilla-nss-sysinit-32bit | * |
Up to (excluding) 16.0.1-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_12.2 | mozilla-nss-sysinit-debuginfo | * |
Up to (excluding) 16.0.1-2.17.1 |
|||||
- 攻击路径 本地
- 攻击复杂度 困难
- 权限要求 普通权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 -
还没有评论,来说两句吧...