Mozilla Firefox、Firefox ESR和Thunderbird IonMonkey JIT compiler 安全漏洞
| CNNVD-ID编号 | CNNVD-202001-297 | CVE编号 | CVE-2019-17026 |
| 发布时间 | 2020-01-09 | 更新时间 | 2020-05-27 |
| 漏洞类型 | 其他 | 漏洞来源 | Qihoo 360 ATA,Ubuntu,Debian,Red Hat,Gentoo |
| 危险等级 | 高危 | 威胁类型 | 远程 |
| 厂商 | N/A | ||
漏洞介绍
Mozilla Firefox等都是美国Mozilla(Mozilla)基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。IonMonkey JIT compiler是其中的一个JIT编译器。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。该软件支持IMAP、POP邮件协议以及HTML邮件格式。
Mozilla Firefox 72.0.1之前版本、Firefox ESR 68.4.1之前版本和Thunderbird 68.4.1之前版本中的IonMonkey JIT compiler存在类型混淆漏洞。远程攻击者可利用该漏洞执行任意代码或导致拒绝服务。
漏洞补丁
目前厂商已发布升级了Mozilla Firefox、Firefox ESR和Thunderbird IonMonkey JIT compiler 安全漏洞的补丁,Mozilla Firefox、Firefox ESR和Thunderbird IonMonkey JIT compiler 安全漏洞的补丁获取链接:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/
参考网址
来源:MISC
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=1607443
来源:GENTOO
链接:https://security.gentoo.org/glsa/202003-02
来源:MISC
链接:https://www.mozilla.org/security/advisories/mfsa2020-03/
来源:MISC
链接:https://www.mozilla.org/security/advisories/mfsa2020-04/
来源:usn.ubuntu.com
链接:https://usn.ubuntu.com/4241-1/
来源:www.us-cert.gov
链接:https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-patches-critical-vulnerability
来源:www.mozilla.org
链接:https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2020:0111
来源:www.debian.org
链接:https://www.debian.org/lts/security/2020/dla-2093
来源:www.debian.org
链接:https://www.debian.org/security/2020/dsa-4603
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2020:0086
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2020:0085
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2020/suse-su-202014268-1.html
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2020/suse-su-20200142-1.html
来源:vigilance.fr
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157345/Ubuntu-Security-Notice-USN-4335-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0206/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0128/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156704/Gentoo-Linux-Security-Advisory-202003-02.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155970/Red-Hat-Security-Advisory-2020-0127-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156000/Debian-Security-Advisory-4603-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0078/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0386/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0210/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156158/Red-Hat-Security-Advisory-2020-0295-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155892/Debian-Security-Advisory-4600-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0152/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0118/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0195/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0194/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155932/Red-Hat-Security-Advisory-2020-0085-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155955/Red-Hat-Security-Advisory-2020-0111-01.html
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-17026
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1387/
受影响实体
暂无
信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202001-297
评论