logo
DATABASE RESOURCES PRICING ABOUT US

Mozilla Firefox字符编码跨站脚本漏洞

Description

BUGTRAQ ID: 29303 CVE(CAN) ID: CVE-2008-0416 Firefox是一款流行的开源WEB浏览器。 Firefox及其衍生产品中的HTML解析器没有遵循HTML规范,将退格字符处理为空格,这可能在遵循了上述规范过滤输入的网站上导致跨站脚本攻击。此外Firefox没有正确的解析Shift_JIS编码的0x80控制字符,这可能允许攻击者绕过站点输入过滤执行跨站脚本攻击。 Mozilla Firefox < 2.0.0.12 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1489-1)以及相应补丁: DSA-1489-1:New iceweasel packages fix several vulnerabilities 链接:<a href=http://www.debian.org/security/2008/dsa-1489 target=_blank>http://www.debian.org/security/2008/dsa-1489</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12.orig.tar.gz</a> Size/MD5 checksum: 43522779 34cb9e2038afa635dac9319a0f113be8 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.dsc target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.dsc</a> Size/MD5 checksum: 1289 568c8d5661721888aa75724f4ec76cf9 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.diff.gz target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.diff.gz</a> Size/MD5 checksum: 186174 96e7907d265cdf00b81785db4e2ab6c4 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54290 97f40d39e73fba4b90c79a514ab89f18 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54146 ef3dbcc83837bc5c86ecdb3295716e23 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54026 91815e0777f6249b4ba95bbeb38cee0c <a href=http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54176 1b7640fa33604225b347b8fd368163a0 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54816 97db059f2fc4f52bd4d2389f724e8378 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54026 969ad8b6ed5b8b0dea8cd5d3414c1485 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 239356 4309e0a07163450b9d7ce65103b39b80 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_alpha.deb</a> Size/MD5 checksum: 90934 5e1bdb44f0484fd2111a1541276b99dd <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_alpha.deb</a> Size/MD5 checksum: 51062530 72e80dbe1969eae96b4d9ed57aa89122 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_alpha.deb</a> Size/MD5 checksum: 11553820 0cea194c903903bb98b53cc349b89dbf amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_amd64.deb</a> Size/MD5 checksum: 50060784 8639ed04300fac0705c47c27338fdfbb <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_amd64.deb</a> Size/MD5 checksum: 87564 79c23f813fc543121275f4a974833c82 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_amd64.deb</a> Size/MD5 checksum: 10182710 bb8bbff82040dc0c04e98ac477a5a691 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_hppa.deb</a> Size/MD5 checksum: 89302 2867a60e5385e94188bf66f38f992a29 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_hppa.deb</a> Size/MD5 checksum: 11031094 f5926d349e00706a548fdb4f6c02dbac <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_hppa.deb</a> Size/MD5 checksum: 50426978 4228e87f68b21f2627069a320603263d i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_i386.deb</a> Size/MD5 checksum: 9096292 1c535164988178a3d6b889f9d44f31e8 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_i386.deb</a> Size/MD5 checksum: 81706 a7ca2818a1d14730077724e3acaf615f <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_i386.deb</a> Size/MD5 checksum: 49451404 3525c3b01dd1142815513cc0d390493f ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_ia64.deb</a> Size/MD5 checksum: 14120046 8d6c6253c001988251523976eee216a1 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_ia64.deb</a> Size/MD5 checksum: 99914 3a4bd7bd5ab87d20bbf5a962411ae4fa <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_ia64.deb</a> Size/MD5 checksum: 50400330 dfa48b54a479b7f305c899bc3f395f92 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mips.deb</a> Size/MD5 checksum: 53844792 613a7bc03c43510bcb09e09d33bce694 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mips.deb</a> Size/MD5 checksum: 82810 e673433c89d7a74e95b86ed1a264fa5b <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mips.deb</a> Size/MD5 checksum: 11038906 5f60ab9a24ad69a5b8c17ef69f31ef83 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mipsel.deb</a> Size/MD5 checksum: 82872 e9fcd10390f6241f8ddc9c996807afe0 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mipsel.deb</a> Size/MD5 checksum: 10735706 dcc381a4d6a0d26a0d69afb0696955db <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mipsel.deb</a> Size/MD5 checksum: 52399756 ffa41f602d079d778355e5a4a7cbde18 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_powerpc.deb</a> Size/MD5 checksum: 9913630 75da2ef9f6915fc6961cc56755f6b8fb <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_powerpc.deb</a> Size/MD5 checksum: 83434 0b65d7b061d42bfb5ae48c9fb2f65e05 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_powerpc.deb</a> Size/MD5 checksum: 51852988 59f76c278e30b86d7e3caaab603d774e s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_s390.deb</a> Size/MD5 checksum: 87788 6cc1b69d90583e765b1f54bdd8ec88a4 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_s390.deb</a> Size/MD5 checksum: 10339140 dd605f3c893a9fd281ee68c940faaea7 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_s390.deb</a> Size/MD5 checksum: 50726238 fdc527fd80bb0383ea8ef02dca684f16 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_sparc.deb</a> Size/MD5 checksum: 81548 f4e489f39594fda6a3a3498aea9bd986 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_sparc.deb</a> Size/MD5 checksum: 9122208 28632988671ede31388d9caa46a5cfe9 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_sparc.deb</a> Size/MD5 checksum: 49060394 1008a6ee3a9f8a3b6e46b766e62af10a 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a>


Related