漏洞信息详情
Mozilla/Firefox Browsers未授权剪贴板内容泄露
- CNNVD编号:CNNVD-200412-867 <!--
- 危害等级: 中危-->
- 危害等级: 中危
- CVE编号: CVE-2004-0908
- 漏洞类型: 访问验证错误
- 发布时间: 2004-12-31
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: mozilla
- 漏洞来源: .');">Discovery of this ...
-
漏洞简介
Mozilla Firefox Preview Release以前版本,Mozilla 1.7.3以前版本和Thunderbird 0.8以前版本存在漏洞。不受信任Javascript代码可以借助如Ctrl-Ins的script-generated事件读写剪贴板,并可能获得敏感信息。
漏洞公告
This issue is addressed in Mozilla 1.7.3 and Firefox Preview Release: Conectiva has released an advisory (CLA-2004:877) to address various issues including this issue in Mozilla. This advisory contains updated Mozilla packages (1.7.3) for Conectiva Linux 9 and 10. Please see the referenced advisory for more information. Gentoo has released an advisory (GLSA 200409-26) to address various issues in Mozilla Browsers. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their systems. emerge sync emerge -pv your-version emerge your-version RedHat Linux has released advisory RHSA-2004:486-18 along with fixes to address this, and other issues for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information on obtaining fixes. HP has released an advisory (SSRT4826) dealing with this issue for their Tru64 UNIX platform. Please see the referenced advisory for more information. SuSE Linux has released advisory SUSE-SA:2004:036 along with fixes dealing with this issue. Please see the referenced advisory for more information. The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information. Mozilla Firefox 0.8
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
- Mozilla Mozilla 1.7.3 http://www.mozilla.org/releases/
- Mozilla Mozilla 1.7.3 http://www.mozilla.org/releases/
- Mozilla Mozilla 1.7.3 http://www.mozilla.org/releases/
- Mozilla Mozilla 1.7.3 http://www.mozilla.org/releases/
参考网址
来源:US-CERT Vulnerability Note: VU#460528 名称: VU#460528 链接:http://www.kb.cert.org/vuls/id/460528 来源: BID 名称: 11179 链接:http://www.securityfocus.com/bid/11179 来源: SUSE 名称: SUSE-SA:2004:036 链接:http://www.novell.com/linux/security/advisories/2004_36_mozilla.html 来源: FEDORA 名称: FLSA:2089 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109900315219363&w=2 来源: bugzilla.mozilla.org 链接:http://bugzilla.mozilla.org/show_bug.cgi?id=257523 来源: XF 名称: mozilla-shortcut-clipboard-access(17376) 链接:http://xforce.iss.net/xforce/xfdb/17376 来源: www.mozilla.org 链接:http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 来源: GENTOO 名称: GLSA-200409-26 链接:http://security.gentoo.org/glsa/glsa-200409-26.xml 来源: SECUNIA 名称: 12526 链接:http://secunia.com/advisories/12526 来源: OVAL 名称: oval:org.mitre.oval:def:9745 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9745 来源: HP 名称: SSRT4826 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109698896104418&w=2
受影响实体
- Mozilla Mozilla:1.4.1<!--2000-1-1-->
- Mozilla Mozilla:1.4.2<!--2000-1-1-->
- Mozilla Mozilla:1.4.4<!--2000-1-1-->
- Mozilla Mozilla:1.5<!--2000-1-1-->
- Mozilla Mozilla:1.5.1<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...