firefox にセキュリティホール
発行日:2012,10,10
- 対象 (Vine Linuxバージョン):
6.1/i386, 6.1/x86_64
- 内容:
- firefox に複数の脆弱性が発見されました。
- MFSA 2012-87
- Use-after-free in the IME State Manager
- MFSA 2012-86
- Heap memory corruption issues found using Address Sanitizer
- MFSA 2012-85
- Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
- MFSA 2012-84
- Spoofing and script injection through location.hash
- MFSA 2012-83
- Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
- MFSA 2012-82
- top object and location property accessible by plugins
- MFSA 2012-81
- GetProperty function can bypass security checks
- MFSA 2012-80
- Crash with invalid cast when using instanceof operator
- MFSA 2012-79
- DOS and crash with full screen and history navigation
- MFSA 2012-78
- Reader Mode pages have chrome privileges
- MFSA 2012-77
- Some DOMWindowUtils methods bypass security checks
- MFSA 2012-76
- Continued access to initial origin after setting document.domain
- MFSA 2012-75
- select element persistance allows for attacks
- MFSA 2012-74
- Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
- MFSA 2012-72
- Web console eval capable of executing chrome-privileged code
- MFSA 2012-71
- Insecure use of __android_log_print
- MFSA 2012-70
- Location object security checks bypassed by chrome code
- MFSA 2012-69
- Incorrect site SSL certificate data display
- MFSA 2012-68
- DOMParser loads linked resources in extensions when parsing text/html
- MFSA 2012-67
- Installer will launch incorrect executable following new installation
- MFSA 2012-66
- HTTPMonitor extension allows for remote debugging without explicit activation
- MFSA 2012-65
- Out-of-bounds read in format-number in XSLT
- MFSA 2012-64
- Graphite 2 memory corruption
- MFSA 2012-63
- SVG buffer overflow and use-after-free issues
- MFSA 2012-62
- WebGL use-after-free and memory corruption
- MFSA 2012-61
- Memory corruption with bitmap format images with negative height
- MFSA 2012-60
- Escalation of privilege through about:newtab
- MFSA 2012-59
- Location object can be shadowed using Object.defineProperty
- MFSA 2012-58
- Use-after-free issues found using Address Sanitizer
- MFSA 2012-57
- Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
この更新により、firefox-16.0 にアップデートされます。
また、一部ページによってクラッシュを起こしやすい場合がありましたが、その修正も含まれています。 - MFSA 2012-87
- 修正済パッケージ/ファイル:
-
[ size ] [ SHA1 checksum ] [ file name ] 89398766 7678bde563ba7ff38401ab01ea33131515ce104e firefox-16.0-1vl6.src.rpm 21028370 1033255566ebf5e65ad62788dc39a78619cacb4e firefox-16.0-1vl6.i686.rpm 20703431 1b32d243db8e6ee721062ed1fe5ce7e4f79fb995 firefox-16.0-1vl6.x86_64.rpm
- 入手先:
- update-watch, synaptic または apt-get でアップグレードすることができます。
# apt-get update # apt-get upgrade
該当するパッケージをインストールしていない場合は、 更新の必要はありません。
また、各ミラーサイトのVine-6.1/updates/RPMS/i386 Vine-6.1/updates/RPMS/x86_64
からも個別に入手することができます。 - 関連URL: