Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19415
HistoryApr 08, 2010 - 12:00 a.m.

Mozilla Firefox浏览器强制URL拖放操作权限提升漏洞

2010-04-0800:00:00
Root
www.seebug.org
23

0.022 Low

EPSS

Percentile

88.1%

JSON

CVE(CAN) ID: CVE-2010-0178

Firefox是一款流行的开源WEB浏览器。

浏览器Applet可能错误的将单个鼠标点击动作解释为拖放操作,这可能导致在用户浏览器中非预期的加载资源。攻击者可以连续两次利用这种行为,第一次在用户浏览器中加载特权的chrome: URL,之后在同一文档之上加载恶意的javascript: URL,导致以chrome权限执行任意脚本。

Mozilla Firefox 3.6
Mozilla Firefox 3.5.x
Mozilla Firefox 3.0.x
Mozilla SeaMonkey < 2.0.4
补丁安装方法:

  1. 手工安装补丁包:

首先,使用下面的命令来下载补丁软件:

wget url (url是补丁下载链接地址)

然后,使用下面的命令来安装补丁:

dpkg -i file.deb (file是相应的补丁名)

  1. 使用apt-get自动安装补丁包:

    首先,使用下面的命令更新内部数据库:

    apt-get update

    然后,使用下面的命令安装更新软件包:

    apt-get upgrade

Mozilla

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.mozilla.org/

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2010:0332-01)以及相应补丁:
RHSA-2010:0332-01:Critical: firefox security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0332.html

Related

veracode 1
prion 1
mozilla 1
cve 1
securityvulns 4
ubuntucve 1
openvas 84
debian 3
osv 1
nessus 39
redhat 1
centos 1
oraclelinux 1
ubuntu 2
fedora 28
freebsd 1
suse 1
gentoo 1
veracode
veracode
Arbitrary JavaScript Code Execution
2020-04-10 00:45:25
prion
prion
Code injection
2010-04-05 17:30:00
mozilla
mozilla
Chrome privilege escalation via forced URL drag and drop — Mozilla
2010-03-30 00:00:00
cve
cve
CVE-2010-0178
2010-04-05 17:30:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-20
2010-04-06 00:00:00
xulrunner multiple security vulnerabilities
2010-04-06 00:00:00
[SECURITY] [DSA 2027-1] New xulrunner packages fix several vulnerabilities
2010-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2010-0178
2010-04-05 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities (Apr 2010) - Windows
2010-04-13 00:00:00
Mozilla Products Multiple vulnerabilities apr-10 (Windows)
2010-04-13 00:00:00
Debian Security Advisory DSA 2027-1 (xulrunner)
2010-04-21 00:00:00
debian
debian
[SECURITY] [DSA 2027-1] New xulrunner packages fix several vulnerabilities
2010-04-03 17:50:19
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:48:42
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:54:27
osv
osv
xulrunner - several vulnerabilities
2010-04-03 00:00:00
nessus
nessus
Debian DSA-2027-1 : xulrunner - several vulnerabilities
2010-04-05 00:00:00
Scientific Linux Security Update : firefox on SL4.x i386/x86_64
2012-08-01 00:00:00
RHEL 4 / 5 : firefox (RHSA-2010:0332)
2010-05-11 00:00:00
redhat
redhat
(RHSA-2010:0332) Critical: firefox security update
2010-03-30 00:00:00
centos
centos
firefox security update
2010-04-06 21:01:59
oraclelinux
oraclelinux
firefox security update
2010-03-31 00:00:00
ubuntu
ubuntu
Firefox 3.0 and Xulrunner vulnerabilities
2010-04-09 00:00:00
Firefox 3.5 and Xulrunner vulnerabilities
2010-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: kazehakase-0.5.8-5.fc11.1
2010-04-01 01:49:04
[SECURITY] Fedora 11 Update: epiphany-extensions-2.26.1-11.fc11
2010-04-01 01:49:04
[SECURITY] Fedora 11 Update: google-gadgets-0.11.1-6.fc11
2010-04-01 01:49:04
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-03-30 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss
2010-04-14 16:54:51
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

0.022 Low

EPSS

Percentile

88.1%

JSON
Related for SSV:19415
veracode1prion1mozilla1cve1securityvulns4ubuntucve1openvas84debian3osv1nessus39redhat1centos1oraclelinux1ubuntu2fedora28freebsd1suse1gentoo1