firefox にセキュリティホール <target> 6.1/i386, 6.1/x86_64 <url> http://www.mozilla-japan.org/security/known-vulnerabilities/firefox.html http://www.mozilla.org/en-US/firefox/16.0/releasenotes/ <info> firefox に複数の脆弱性が発見されました。 <dl> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-87.html" class="critical">MFSA 2012-87</a><dt> <dd>Use-after-free in the IME State Manager</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-86.html" class="critical">MFSA 2012-86</a><dt> <dd>Heap memory corruption issues found using Address Sanitizer</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-85.html" class="critical">MFSA 2012-85</a><dt> <dd>Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-84.html" class="high">MFSA 2012-84</a><dt> <dd>Spoofing and script injection through location.hash</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-83.html" class="critical">MFSA 2012-83</a><dt> <dd>Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-82.html" class="high">MFSA 2012-82</a><dt> <dd>top object and location property accessible by plugins</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-81.html" class="critical">MFSA 2012-81</a><dt> <dd>GetProperty function can bypass security checks</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-80.html" class="critical">MFSA 2012-80</a><dt> <dd>Crash with invalid cast when using instanceof operator</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-79.html" class="critical">MFSA 2012-79</a><dt> <dd>DOS and crash with full screen and history navigation</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-78.html" class="critical">MFSA 2012-78</a><dt> <dd>Reader Mode pages have chrome privileges</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-77.html" class="critical">MFSA 2012-77</a><dt> <dd>Some DOMWindowUtils methods bypass security checks</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-76.html" class="high">MFSA 2012-76</a><dt> <dd>Continued access to initial origin after setting document.domain</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-75.html" class="critical">MFSA 2012-75</a><dt> <dd>select element persistance allows for attacks</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-74.html" class="critical">MFSA 2012-74</a><dt> <dd>Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-72.html" class="high">MFSA 2012-72</a><dt> <dd>Web console eval capable of executing chrome-privileged code</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-71.html" class="high">MFSA 2012-71</a><dt> <dd>Insecure use of __android_log_print</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-70.html" class="high">MFSA 2012-70</a><dt> <dd>Location object security checks bypassed by chrome code</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-69.html" class="high">MFSA 2012-69</a><dt> <dd>Incorrect site SSL certificate data display</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-68.html" class="moderate">MFSA 2012-68</a><dt> <dd>DOMParser loads linked resources in extensions when parsing text/html</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-67.html" class="moderate">MFSA 2012-67</a><dt> <dd>Installer will launch incorrect executable following new installation</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-66.html" class="critical">MFSA 2012-66</a><dt> <dd>HTTPMonitor extension allows for remote debugging without explicit activation</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-65.html" class="moderate">MFSA 2012-65</a><dt> <dd>Out-of-bounds read in format-number in XSLT</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-64.html" class="high">MFSA 2012-64</a><dt> <dd>Graphite 2 memory corruption</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-63.html" class="critical">MFSA 2012-63</a><dt> <dd>SVG buffer overflow and use-after-free issues</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-62.html" class="critical">MFSA 2012-62</a><dt> <dd>WebGL use-after-free and memory corruption</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-61.html" class="critical">MFSA 2012-61</a><dt> <dd>Memory corruption with bitmap format images with negative height</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-60.html" class="critical">MFSA 2012-60</a><dt> <dd>Escalation of privilege through about:newtab</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-59.html" class="high">MFSA 2012-59</a><dt> <dd>Location object can be shadowed using Object.defineProperty</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-58.html" class="critical">MFSA 2012-58</a><dt> <dd>Use-after-free issues found using Address Sanitizer</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-57.html" class="critical">MFSA 2012-57</a><dt> <dd>Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)</dd> </dl> <br/> この更新により、firefox-16.0 にアップデートされます。<br/> また、一部ページによってクラッシュを起こしやすい場合がありましたが、その修正も含まれています。 <directory> Vine-6.1/updates/RPMS/i386 Vine-6.1/updates/RPMS/x86_64 <update> [ size ] [ SHA1 checksum ] [ file name ] 89398766 7678bde563ba7ff38401ab01ea33131515ce104e firefox-16.0-1vl6.src.rpm 21028370 1033255566ebf5e65ad62788dc39a78619cacb4e firefox-16.0-1vl6.i686.rpm 20703431 1b32d243db8e6ee721062ed1fe5ce7e4f79fb995 firefox-16.0-1vl6.x86

2012,10,10 firefox にセキュリティホール <target> 6.1/i386, 6.1/x86_64 <url> http://www.mozilla-japan.org/security/known-vulnerabilities/firefox.html http://www.mozilla.org/en-US/firefox/16.0/releasenotes/ <info> firefox に複数の脆弱性が発見されました。 <dl> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-87.html" class="critical">MFSA 2012-87</a><dt> <dd>Use-after-free in the IME State Manager</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-86.html" class="critical">MFSA 2012-86</a><dt> <dd>Heap memory corruption issues found using Address Sanitizer</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-85.html" class="critical">MFSA 2012-85</a><dt> <dd>Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-84.html" class="high">MFSA 2012-84</a><dt> <dd>Spoofing and script injection through location.hash</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-83.html" class="critical">MFSA 2012-83</a><dt> <dd>Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-82.html" class="high">MFSA 2012-82</a><dt> <dd>top object and location property accessible by plugins</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-81.html" class="critical">MFSA 2012-81</a><dt> <dd>GetProperty function can bypass security checks</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-80.html" class="critical">MFSA 2012-80</a><dt> <dd>Crash with invalid cast when using instanceof operator</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-79.html" class="critical">MFSA 2012-79</a><dt> <dd>DOS and crash with full screen and history navigation</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-78.html" class="critical">MFSA 2012-78</a><dt> <dd>Reader Mode pages have chrome privileges</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-77.html" class="critical">MFSA 2012-77</a><dt> <dd>Some DOMWindowUtils methods bypass security checks</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-76.html" class="high">MFSA 2012-76</a><dt> <dd>Continued access to initial origin after setting document.domain</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-75.html" class="critical">MFSA 2012-75</a><dt> <dd>select element persistance allows for attacks</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-74.html" class="critical">MFSA 2012-74</a><dt> <dd>Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-72.html" class="high">MFSA 2012-72</a><dt> <dd>Web console eval capable of executing chrome-privileged code</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-71.html" class="high">MFSA 2012-71</a><dt> <dd>Insecure use of __android_log_print</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-70.html" class="high">MFSA 2012-70</a><dt> <dd>Location object security checks bypassed by chrome code</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-69.html" class="high">MFSA 2012-69</a><dt> <dd>Incorrect site SSL certificate data display</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-68.html" class="moderate">MFSA 2012-68</a><dt> <dd>DOMParser loads linked resources in extensions when parsing text/html</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-67.html" class="moderate">MFSA 2012-67</a><dt> <dd>Installer will launch incorrect executable following new installation</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-66.html" class="critical">MFSA 2012-66</a><dt> <dd>HTTPMonitor extension allows for remote debugging without explicit activation</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-65.html" class="moderate">MFSA 2012-65</a><dt> <dd>Out-of-bounds read in format-number in XSLT</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-64.html" class="high">MFSA 2012-64</a><dt> <dd>Graphite 2 memory corruption</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-63.html" class="critical">MFSA 2012-63</a><dt> <dd>SVG buffer overflow and use-after-free issues</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-62.html" class="critical">MFSA 2012-62</a><dt> <dd>WebGL use-after-free and memory corruption</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-61.html" class="critical">MFSA 2012-61</a><dt> <dd>Memory corruption with bitmap format images with negative height</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-60.html" class="critical">MFSA 2012-60</a><dt> <dd>Escalation of privilege through about:newtab</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-59.html" class="high">MFSA 2012-59</a><dt> <dd>Location object can be shadowed using Object.defineProperty</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-58.html" class="critical">MFSA 2012-58</a><dt> <dd>Use-after-free issues found using Address Sanitizer</dd> <dt><a href="https://www.mozilla.org/security/announce/2012/mfsa2012-57.html" class="critical">MFSA 2012-57</a><dt> <dd>Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)</dd> </dl> <br/> この更新により、firefox-16.0 にアップデートされます。<br/> また、一部ページによってクラッシュを起こしやすい場合がありましたが、その修正も含まれています。 <directory> Vine-6.1/updates/RPMS/i386 Vine-6.1/updates/RPMS/x86_64 <update> [ size ] [ SHA1 checksum ] [ file name ] 89398766 7678bde563ba7ff38401ab01ea33131515ce104e firefox-16.0-1vl6.src.rpm 21028370 1033255566ebf5e65ad62788dc39a78619cacb4e firefox-16.0-1vl6.i686.rpm 20703431 1b32d243db8e6ee721062ed1fe5ce7e4f79fb995 firefox-16.0-1vl6.x86_64.rpm