1 | <date> |
---|
2 | 2012,10,10 |
---|
3 | |
---|
4 | <title> |
---|
5 | firefox にセキュリティホール |
---|
6 | |
---|
7 | <target> |
---|
8 | 6.1/i386, 6.1/x86_64 |
---|
9 | |
---|
10 | <url> |
---|
11 | http://www.mozilla-japan.org/security/known-vulnerabilities/firefox.html |
---|
12 | http://www.mozilla.org/en-US/firefox/16.0/releasenotes/ |
---|
13 | |
---|
14 | <info> |
---|
15 | firefox に複数の脆弱性が発見されました。 |
---|
16 | <dl> |
---|
17 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-87.html" class="critical">MFSA 2012-87</a><dt> |
---|
18 | <dd>Use-after-free in the IME State Manager</dd> |
---|
19 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-86.html" class="critical">MFSA 2012-86</a><dt> |
---|
20 | <dd>Heap memory corruption issues found using Address Sanitizer</dd> |
---|
21 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-85.html" class="critical">MFSA 2012-85</a><dt> |
---|
22 | <dd>Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer</dd> |
---|
23 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-84.html" class="high">MFSA 2012-84</a><dt> |
---|
24 | <dd>Spoofing and script injection through location.hash</dd> |
---|
25 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-83.html" class="critical">MFSA 2012-83</a><dt> |
---|
26 | <dd>Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties</dd> |
---|
27 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-82.html" class="high">MFSA 2012-82</a><dt> |
---|
28 | <dd>top object and location property accessible by plugins</dd> |
---|
29 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-81.html" class="critical">MFSA 2012-81</a><dt> |
---|
30 | <dd>GetProperty function can bypass security checks</dd> |
---|
31 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-80.html" class="critical">MFSA 2012-80</a><dt> |
---|
32 | <dd>Crash with invalid cast when using instanceof operator</dd> |
---|
33 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-79.html" class="critical">MFSA 2012-79</a><dt> |
---|
34 | <dd>DOS and crash with full screen and history navigation</dd> |
---|
35 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-78.html" class="critical">MFSA 2012-78</a><dt> |
---|
36 | <dd>Reader Mode pages have chrome privileges</dd> |
---|
37 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-77.html" class="critical">MFSA 2012-77</a><dt> |
---|
38 | <dd>Some DOMWindowUtils methods bypass security checks</dd> |
---|
39 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-76.html" class="high">MFSA 2012-76</a><dt> |
---|
40 | <dd>Continued access to initial origin after setting document.domain</dd> |
---|
41 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-75.html" class="critical">MFSA 2012-75</a><dt> |
---|
42 | <dd>select element persistance allows for attacks</dd> |
---|
43 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-74.html" class="critical">MFSA 2012-74</a><dt> |
---|
44 | <dd>Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)</dd> |
---|
45 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-72.html" class="high">MFSA 2012-72</a><dt> |
---|
46 | <dd>Web console eval capable of executing chrome-privileged code</dd> |
---|
47 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-71.html" class="high">MFSA 2012-71</a><dt> |
---|
48 | <dd>Insecure use of __android_log_print</dd> |
---|
49 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-70.html" class="high">MFSA 2012-70</a><dt> |
---|
50 | <dd>Location object security checks bypassed by chrome code</dd> |
---|
51 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-69.html" class="high">MFSA 2012-69</a><dt> |
---|
52 | <dd>Incorrect site SSL certificate data display</dd> |
---|
53 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-68.html" class="moderate">MFSA 2012-68</a><dt> |
---|
54 | <dd>DOMParser loads linked resources in extensions when parsing text/html</dd> |
---|
55 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-67.html" class="moderate">MFSA 2012-67</a><dt> |
---|
56 | <dd>Installer will launch incorrect executable following new installation</dd> |
---|
57 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-66.html" class="critical">MFSA 2012-66</a><dt> |
---|
58 | <dd>HTTPMonitor extension allows for remote debugging without explicit activation</dd> |
---|
59 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-65.html" class="moderate">MFSA 2012-65</a><dt> |
---|
60 | <dd>Out-of-bounds read in format-number in XSLT</dd> |
---|
61 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-64.html" class="high">MFSA 2012-64</a><dt> |
---|
62 | <dd>Graphite 2 memory corruption</dd> |
---|
63 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-63.html" class="critical">MFSA 2012-63</a><dt> |
---|
64 | <dd>SVG buffer overflow and use-after-free issues</dd> |
---|
65 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-62.html" class="critical">MFSA 2012-62</a><dt> |
---|
66 | <dd>WebGL use-after-free and memory corruption</dd> |
---|
67 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-61.html" class="critical">MFSA 2012-61</a><dt> |
---|
68 | <dd>Memory corruption with bitmap format images with negative height</dd> |
---|
69 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-60.html" class="critical">MFSA 2012-60</a><dt> |
---|
70 | <dd>Escalation of privilege through about:newtab</dd> |
---|
71 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-59.html" class="high">MFSA 2012-59</a><dt> |
---|
72 | <dd>Location object can be shadowed using Object.defineProperty</dd> |
---|
73 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-58.html" class="critical">MFSA 2012-58</a><dt> |
---|
74 | <dd>Use-after-free issues found using Address Sanitizer</dd> |
---|
75 | <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-57.html" class="critical">MFSA 2012-57</a><dt> |
---|
76 | <dd>Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)</dd> |
---|
77 | </dl> |
---|
78 | <br/> |
---|
79 | この更新により、firefox-16.0 にアップデートされます。<br/> |
---|
80 | また、一部ページによってクラッシュを起こしやすい場合がありましたが、その修正も含まれています。 |
---|
81 | |
---|
82 | <directory> |
---|
83 | Vine-6.1/updates/RPMS/i386 |
---|
84 | Vine-6.1/updates/RPMS/x86_64 |
---|
85 | |
---|
86 | <update> |
---|
87 | [ size ] [ SHA1 checksum ] [ file name ] |
---|
88 | 89398766 7678bde563ba7ff38401ab01ea33131515ce104e firefox-16.0-1vl6.src.rpm |
---|
89 | 21028370 1033255566ebf5e65ad62788dc39a78619cacb4e firefox-16.0-1vl6.i686.rpm |
---|
90 | 20703431 1b32d243db8e6ee721062ed1fe5ce7e4f79fb995 firefox-16.0-1vl6.x86_64.rpm |
---|