中危 firefox 内存破坏拒绝服务代码执行漏洞

CVE编号

CVE-2006-1790

利用情况

暂无

补丁情况

官方补丁

披露时间

2006-04-15

漏洞描述

Mozilla Suite/Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。 Mozilla Firefox 1.0.7 允许远程攻击者利用很大正则表达式的JavaScript、InstallTrigger.install方式、通过更改-moz-grid和-moz-grid-group显示样式，或某些能够导致越界数组写入和缓冲区溢出的级联样式表(CSS)导致拒绝服务，或执行任意代码。

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19631
http://secunia.com/advisories/19714
http://secunia.com/advisories/19721
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794
http://secunia.com/advisories/19811
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.redhat.com/support/errata/RHSA-2006-0328.html
http://www.redhat.com/support/errata/RHSA-2006-0329.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/bid/17516
http://www.vupen.com/english/advisories/2006/1356
https://exchange.xforce.ibmcloud.com/vulnerabilities/25809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
https://usn.ubuntu.com/276-1/

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	mozilla	firefox	1.0.7	-
	运行在以下环境
	系统	debian_10	thunderbird	*		Up to (excluding) 1.5.0.2-1
	运行在以下环境
	系统	debian_11	thunderbird	*		Up to (excluding) 1.5.0.2-1
	运行在以下环境
	系统	debian_12	thunderbird	*		Up to (excluding) 1.5.0.2-1
	运行在以下环境
	系统	debian_sid	firefox	*		Up to (excluding) 1.5

阿里云评分 6.9

• 攻击路径 远程
• 攻击复杂度 容易
• 权限要求 无需权限
• 影响范围 全局影响
• EXP成熟度 未验证
• 补丁情况 官方补丁
• 数据保密性 无影响
• 数据完整性 无影响
• 服务器危害 无影响
• 全网数量 N/A

CWE-ID	漏洞类型
CWE-399	资源管理错误

Exp相关链接

- avd.aliyun.com