source: projects/web/trunk/errata/6x/20121010-1.dat @ 7253

Revision 7253, 6.4 KB checked in by daisuke, 11 years ago (diff)

update code
Line 
1<date>
22012,10,10
3
4<title>
5firefox にセキュリティホール
6
7<target>
86.1/i386, 6.1/x86_64
9
10<url>
11http://www.mozilla-japan.org/security/known-vulnerabilities/firefox.html
12http://www.mozilla.org/en-US/firefox/16.0/releasenotes/
13
14<info>
15firefox に複数の脆弱性が発見されました。
16  <dl>
17    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-87.html" class="critical">MFSA 2012-87</a><dt>
18    <dd>Use-after-free in the IME State Manager</dd>
19    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-86.html" class="critical">MFSA 2012-86</a><dt>
20    <dd>Heap memory corruption issues found using Address Sanitizer</dd>
21    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-85.html" class="critical">MFSA 2012-85</a><dt>
22    <dd>Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer</dd>
23    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-84.html" class="high">MFSA 2012-84</a><dt>
24    <dd>Spoofing and script injection through location.hash</dd>
25    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-83.html" class="critical">MFSA 2012-83</a><dt>
26    <dd>Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties</dd>
27    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-82.html" class="high">MFSA 2012-82</a><dt>
28    <dd>top object and location property accessible by plugins</dd>
29    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-81.html" class="critical">MFSA 2012-81</a><dt>
30    <dd>GetProperty function can bypass security checks</dd>
31    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-80.html" class="critical">MFSA 2012-80</a><dt>
32    <dd>Crash with invalid cast when using instanceof operator</dd>
33    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-79.html" class="critical">MFSA 2012-79</a><dt>
34    <dd>DOS and crash with full screen and history navigation</dd>
35    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-78.html" class="critical">MFSA 2012-78</a><dt>
36    <dd>Reader Mode pages have chrome privileges</dd>
37    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-77.html" class="critical">MFSA 2012-77</a><dt>
38    <dd>Some DOMWindowUtils methods bypass security checks</dd>
39    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-76.html" class="high">MFSA 2012-76</a><dt>
40    <dd>Continued access to initial origin after setting document.domain</dd>
41    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-75.html" class="critical">MFSA 2012-75</a><dt>
42    <dd>select element persistance allows for attacks</dd>
43    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-74.html" class="critical">MFSA 2012-74</a><dt>
44    <dd>Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)</dd>
45    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-72.html" class="high">MFSA 2012-72</a><dt>
46    <dd>Web console eval capable of executing chrome-privileged code</dd>
47    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-71.html" class="high">MFSA 2012-71</a><dt>
48    <dd>Insecure use of __android_log_print</dd>
49    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-70.html" class="high">MFSA 2012-70</a><dt>
50    <dd>Location object security checks bypassed by chrome code</dd>
51    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-69.html" class="high">MFSA 2012-69</a><dt>
52    <dd>Incorrect site SSL certificate data display</dd>
53    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-68.html" class="moderate">MFSA 2012-68</a><dt>
54    <dd>DOMParser loads linked resources in extensions when parsing text/html</dd>
55    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-67.html" class="moderate">MFSA 2012-67</a><dt>
56    <dd>Installer will launch incorrect executable following new installation</dd>
57    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-66.html" class="critical">MFSA 2012-66</a><dt>
58    <dd>HTTPMonitor extension allows for remote debugging without explicit activation</dd>
59    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-65.html" class="moderate">MFSA 2012-65</a><dt>
60    <dd>Out-of-bounds read in format-number in XSLT</dd>
61    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-64.html" class="high">MFSA 2012-64</a><dt>
62    <dd>Graphite 2 memory corruption</dd>
63    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-63.html" class="critical">MFSA 2012-63</a><dt>
64    <dd>SVG buffer overflow and use-after-free issues</dd>
65    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-62.html" class="critical">MFSA 2012-62</a><dt>
66    <dd>WebGL use-after-free and memory corruption</dd>
67    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-61.html" class="critical">MFSA 2012-61</a><dt>
68    <dd>Memory corruption with bitmap format images with negative height</dd>
69    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-60.html" class="critical">MFSA 2012-60</a><dt>
70    <dd>Escalation of privilege through about:newtab</dd>
71    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-59.html" class="high">MFSA 2012-59</a><dt>
72    <dd>Location object can be shadowed using Object.defineProperty</dd>
73    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-58.html" class="critical">MFSA 2012-58</a><dt>
74    <dd>Use-after-free issues found using Address Sanitizer</dd>
75    <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-57.html" class="critical">MFSA 2012-57</a><dt>
76    <dd>Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)</dd>
77  </dl>
78<br/>
79この更新により、firefox-16.0 にアップデートされます。<br/>
80また、一部ページによってクラッシュを起こしやすい場合がありましたが、その修正も含まれています。
81
82<directory>
83Vine-6.1/updates/RPMS/i386
84Vine-6.1/updates/RPMS/x86_64
85
86<update>
87 [ size ] [ SHA1 checksum ]                        [ file name ]
88 89398766 7678bde563ba7ff38401ab01ea33131515ce104e firefox-16.0-1vl6.src.rpm
89 21028370 1033255566ebf5e65ad62788dc39a78619cacb4e firefox-16.0-1vl6.i686.rpm
90 20703431 1b32d243db8e6ee721062ed1fe5ce7e4f79fb995 firefox-16.0-1vl6.x86_64.rpm
Note: See TracBrowser for help on using the repository browser.