Vulnerability ID |
28832 |
Risk level |
40 |
Port |
139,445 |
Protocol |
TCP |
Category |
SMB |
Detailed description |
A version of Mozilla Firefox earlier than 3.5.17 is installed on the host. Mozilla is an open-source web browser developed by the Mozilla project. Mozilla Firefox 3.5.x versions earlier than 3.5.17 have multiple vulnerabilities, including the following.
- Multiple memory corruption issues exist that could lead to arbitrary code execution. (MFSA 2010-74, MFSA 2011-01)
- An issue exists when an 'eval()' call wrapped in a try/catch statement is called recursively. A dialog box is displayed that has no content or has non-functioning buttons. The dialog can be closed, with the result being default acceptance of the dialog. (MFSA 2011-02)
- A use-after-free issue exists in a method that uses 'JSON.stringify' and could allow arbitrary code execution. (MFSA 2011-03)
- A buffer overflow vulnerability exists in the JavaScript engine's internal memory mapping of non-local variables and could lead to code execution. (MFSA 2011-04)
- A buffer overflow vulnerability exists in the JavaScript engine's internal mapping of string values and could lead to code execution. (MFSA 2011-05)
- A use-after-free issue exists in which a JavaScript 'Worker' can be used to reference an object that is freed during garbage collection. This vulnerability could lead to arbitrary code execution. (MFSA 2011-06)
- A buffer overflow issue exists related to creating very long strings and inserting them into an HTML document. This vulnerability could lead to arbitrary code execution. (MFSA 2011-07)
- An input validation issue exists in the 'ParanoidFragmentSink' class, which allows inline JavaScript and 'javascript:' URLs in chrome documents. (MFSA 2011-08)
- A cross-site request forgery (CSRF) vulnerability exists when an HTTP 307 redirect is received in response to a plugin's request. The request is forwarded to the new location with its custom headers intact, regardless of origin and without the plugin's knowledge. (MFSA 2011-10)
* Note: This check requires an account with administrator privileges that can log in to the host being checked. If this condition is not met, the check cannot be performed and a false negative may be reported for all vulnerable hosts.
* References:
http://archives.neohapsis.com/archives/bugtraq/2010-04/0204.html
http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
http://www.mozilla.org/security/announce/2011/mfsa2011-01.html
http://www.mozilla.org/security/announce/2011/mfsa2011-02.html
http://www.mozilla.org/security/announce/2011/mfsa2011-03.html
http://www.mozilla.org/security/announce/2011/mfsa2011-04.html
http://www.mozilla.org/security/announce/2011/mfsa2011-05.html
http://www.mozilla.org/security/announce/2011/mfsa2011-06.html
http://www.mozilla.org/security/announce/2011/mfsa2011-07.html
http://www.mozilla.org/security/announce/2011/mfsa2011-08.html
http://www.mozilla.org/security/announce/2011/mfsa2011-10.html
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.17
* Affected platforms: Mozilla Project, Firefox 3.5.x versions earlier than 3.5.17; Microsoft Windows Any version; Linux Any version |
Solution |
Obtain the latest version of Firefox (3.5.17 or later) from the Mozilla Firefox download page at http://www.mozilla.or.kr/ko/ and upgrade to it. |
Related URL |
CVE-2010-1585,CVE-2010-3777,CVE-2011-0051,CVE-2011-0053,CVE-2011-0054,CVE-2011-0055,CVE-2011-0056,CVE-2011-0057,CVE-2011-0058 (CVE) |
Related URL |
45348,46368,46643,46645,46648,46650,46652,46660,46661,46663 (SecurityFocus) |
Related URL |
(ISS) |
|