ZeroBox Vulnerability Database

受影响系统：

Mozilla Firefox 3.6.x
Mozilla Thunderbird 3.1.x

不受影响系统：

Mozilla Firefox 3.6.7
Mozilla Thunderbird 3.1.1

描述：

Firefox是一款流行的开源WEB浏览器。

<*来源：O. Andersen
  
  链接：http://secunia.com/advisories/39925/
        http://www.mozilla.org/security/announce/2010/mfsa2010-44.html
        https://bugzilla.mozilla.org/show_bug.cgi?format=multiple&id=564679
        https://www.redhat.com/support/errata/RHSA-2010-0547.html
*>

测试方法：

1 <!DOCTYPE HTML>
2 <html>
3 <!–
4 https://bugzilla.mozilla.org/show_bug.cgi?id=564679
5 –>
6 <head>
7   <meta http-equiv="Content-type" content="text/html; charset=windows-1253">
8   <title>Test for Unicode non-characters</title>
9   <script type="text/javascript" src="/MochiKit/packed.js"></script>
10   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
11   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
12 </head>
13 <body onload="test()">
14 <pre id="test">
15 <script class="testbody" type="text/javascript">
16  
17 /** test that single byte decoding resynchronizes after incomplete sequences */
18 function test()
19 {
20     is($("display").innerHTML, "All good.", "No overconsumption");
21     SimpleTest.finish();
22 }
23  
24   SimpleTest.waitForExplicitFinish();
25 </script>
26 </pre>
27 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=564679">Mozilla Bug 564679</a>
28 <p id="display">Evil.</p>
29 <div id="content" style="display: none"></div>
30  &Ograve;<script type="text/javascript">
31  $("display").innerHTML = "All good.";
32   </script> ->
33 </body>
34 </html>

建议：

厂商补丁：

http://www.mozilla.org/

RedHat
——
RedHat已经为此发布了一个安全公告（RHSA-2010:0547-01）以及相应补丁:
RHSA-2010:0547-01：Critical: firefox security update
链接：https://www.redhat.com/support/errata/RHSA-2010-0547.html