firefox にセキュリティホール

発行日:2012,10,10
対象 (Vine Linuxバージョン):

6.1/i386, 6.1/x86_64

内容:
firefox に複数の脆弱性が発見されました。
MFSA 2012-87
Use-after-free in the IME State Manager
MFSA 2012-86
Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85
Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84
Spoofing and script injection through location.hash
MFSA 2012-83
Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82
top object and location property accessible by plugins
MFSA 2012-81
GetProperty function can bypass security checks
MFSA 2012-80
Crash with invalid cast when using instanceof operator
MFSA 2012-79
DOS and crash with full screen and history navigation
MFSA 2012-78
Reader Mode pages have chrome privileges
MFSA 2012-77
Some DOMWindowUtils methods bypass security checks
MFSA 2012-76
Continued access to initial origin after setting document.domain
MFSA 2012-75
select element persistance allows for attacks
MFSA 2012-74
Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
MFSA 2012-72
Web console eval capable of executing chrome-privileged code
MFSA 2012-71
Insecure use of __android_log_print
MFSA 2012-70
Location object security checks bypassed by chrome code
MFSA 2012-69
Incorrect site SSL certificate data display
MFSA 2012-68
DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-67
Installer will launch incorrect executable following new installation
MFSA 2012-66
HTTPMonitor extension allows for remote debugging without explicit activation
MFSA 2012-65
Out-of-bounds read in format-number in XSLT
MFSA 2012-64
Graphite 2 memory corruption
MFSA 2012-63
SVG buffer overflow and use-after-free issues
MFSA 2012-62
WebGL use-after-free and memory corruption
MFSA 2012-61
Memory corruption with bitmap format images with negative height
MFSA 2012-60
Escalation of privilege through about:newtab
MFSA 2012-59
Location object can be shadowed using Object.defineProperty
MFSA 2012-58
Use-after-free issues found using Address Sanitizer
MFSA 2012-57
Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

この更新により、firefox-16.0 にアップデートされます。
また、一部ページによってクラッシュを起こしやすい場合がありましたが、その修正も含まれています。
修正済パッケージ/ファイル:
[ size ] [ SHA1 checksum ]                        [ file name ]
 89398766 7678bde563ba7ff38401ab01ea33131515ce104e firefox-16.0-1vl6.src.rpm
 21028370 1033255566ebf5e65ad62788dc39a78619cacb4e firefox-16.0-1vl6.i686.rpm
 20703431 1b32d243db8e6ee721062ed1fe5ce7e4f79fb995 firefox-16.0-1vl6.x86_64.rpm
入手先:
update-watch, synaptic または apt-get でアップグレードすることができます。
# apt-get update
# apt-get upgrade
該当するパッケージをインストールしていない場合は、 更新の必要はありません。
また、各ミラーサイトの
Vine-6.1/updates/RPMS/i386
Vine-6.1/updates/RPMS/x86_64
からも個別に入手することができます。
関連URL: