| Ãë¾àÁ¡ID |
28855 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
139,445 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMB |
| »ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â 10.0.6 ÀÌÀüÀÇ Mozilla FirefoxÀÇ ¾î¶² ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù. Mozilla Firefox´Â Mozilla ÇÁ·ÎÁ§Æ®¿¡ ÀÇÇØ °³¹ßµÈ °ø°³ ¼Ò½º ±â¹ÝÀÇ À¥ ºê¶ó¿ìÀúÀÌ´Ù. Mozilla Firefox 10.0.x < 10.0.6 ¹öÀüµéÀº ´ÙÀ½ÀÇ Ãë¾àÁ¡À» Æ÷ÇÔÇÏ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µéÀÌ Á¸ÀçÇÑ´Ù.
- ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡µéÀº ÀáÀçÀûÀ¸·Î ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇϴµ¥ ÀÌ¿ëµÉ ¼ö ÀÖ´Ù. (CVE-2012-1948)
- drag and dropÀ» ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â ¿¡·¯·Î ÀÎÇØ Á¤È®ÇÏÁö ¾ÊÀº URLÀÌ Ç¥½ÃµÉ ¼ö ÀÖ´Ù. (CVE-2012-1950)
- ·¹À̾ƿô ¿£Áø¿¡ ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
- ÀÚ¹Ù½ºÅ©¸³Æ® ÇÔ¼öÀÎ 'history.forward'¿Í 'history.back'ÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ Á¤È®ÇÏÁö ¾ÊÀº URLÀÌ Ç¥½ÃµÉ ¼ö ÀÖ´Ù. (CVE-2012-1955)
- RSSÀÇ <description>¿ä¼Ò ³»ºÎÀÇ <embed>ű׿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1957)
- 'nsGlobalWindow::PageHidden'¸Þ¼Òµå ³»ºÎ¿¡ use-after-free Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1958)
- ƯÁ¤ µ¥ÀÌÅ͸¦ ó¸®ÇÒ ¶§ same-compartment security wrappers (SCSW)¸¦ ¿ìȸÇÏ´Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1959)
- ¡®X-Frame-Options¡¯Çì´õ¸¦ ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â ¿¡·¯·Î ÀÎÇØ clickjacking °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1961)
- 'JSDependentString::undepend'¸Þ¼Òµå ³»¿¡ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1962)
- Content Security Policy (CSP)¸¦ ½ÇÇàÇÒ ¶§ OAuth 2.0 ¾×¼¼½º ÅäÅ«°ú OpenID ÀÚ°ÝÁõ¸íÀÌ ³ëÃâµÉ ¼ö ÀÖ´Ù. (CVE-2012-1963)
- ÀÎÁõ ¿¹¿Ü󸮸¦ ¼öÇàÇÒ ¶§ ¿¡·¯°¡ ¹ß»ýÇÑ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â ¡®about:certerror¡¯ ÆäÀÌÁö¸¦ ÅëÇØ clickjacking °ø°ÝÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù. (CVE-2012-1964)
- 'feed:' URL¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1965)
- 'data:' URL°ú ÄÜÅؽºÆ® ¸Þ´º ¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1966)
- 'javascript:' URL¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ ½ºÅ©¸³Æ®°¡ »÷µå¹Ú½º ¿ÜºÎ¿¡¼ »ó½ÂµÈ ±ÇÇÑÀ¸·Î ½ÇÇàµÉ ¼ö ÀÖ´Ù. (CVE-2012-1967)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html
http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Mozilla Project, Firefox 10.0.6 ÀÌÀüÀÇ ¹öÀüµé
Microsoft Windows Any version
Linux Any version |
| ÇØ°áÃ¥ |
Mozilla Firefox ´Ù¿î·Îµå À¥ ÆäÀÌÁöÀÎ http://www.mozilla.or.kr/ko/ ¿¡¼ FirefoxÀÇ °¡Àå ÃֽŠ¹öÀü(10.0.6 ȤÀº 14.0 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2012-1948,CVE-2012-1950,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959 (CVE) |
| °ü·Ã URL |
54573,54574,54575,54576,54577,54578,54579,54581,54582,54583,54584,54585,54586 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
