English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 28856
À§Çèµµ 40
Æ÷Æ® 139,445
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SMB
»ó¼¼¼³¸í ÇØ´ç È£½ºÆ®¿¡´Â 14.0 ÀÌÀüÀÇ Mozilla FirefoxÀÇ ¾î¶² ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù. Mozilla Firefox´Â Mozilla ÇÁ·ÎÁ§Æ®¿¡ ÀÇÇØ °³¹ßµÈ °ø°³ ¼Ò½º ±â¹ÝÀÇ À¥ ºê¶ó¿ìÀúÀÌ´Ù. Mozilla Firefox 13.x ¹öÀüµéÀº ´ÙÀ½ÀÇ Ãë¾àÁ¡À» Æ÷ÇÔÇÏ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µéÀÌ Á¸ÀçÇÑ´Ù.
- ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡µéÀº ÀáÀçÀûÀ¸·Î ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇϴµ¥ ÀÌ¿ëµÉ ¼ö ÀÖ´Ù. (CVE-2012-1948, CVE-2012-1949)
- drag and dropÀ» ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â ¿¡·¯·Î ÀÎÇØ Á¤È®ÇÏÁö ¾ÊÀº URLÀÌ Ç¥½ÃµÉ ¼ö ÀÖ´Ù. (CVE-2012-1950)
- ·¹À̾ƿô ¿£Áø¿¡ ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
- ÀÚ¹Ù½ºÅ©¸³Æ® ÇÔ¼öÀÎ 'history.forward'¿Í 'history.back'ÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ Á¤È®ÇÏÁö ¾ÊÀº URLÀÌ Ç¥½ÃµÉ ¼ö ÀÖ´Ù. (CVE-2012-1955)
- RSSÀÇ <description>¿ä¼Ò ³»ºÎÀÇ <embed>ű׿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1957)
- 'nsGlobalWindow::PageHidden'¸Þ¼Òµå ³»ºÎ¿¡ use-after-free Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1958)
- ƯÁ¤ µ¥ÀÌÅ͸¦ ó¸®ÇÒ ¶§ same-compartment security wrappers (SCSW)¸¦ ¿ìȸÇÏ´Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1959)
- color management library (QCMS)¿¡ out-of-bounds read ¿¡·¯°¡ Á¸ÀçÇÏ¿© ¸Þ¸ð¸®ÀÇ Æ¯Á¤ ºÎºÐÀÌ ³ëÃâµÉ ¼ö ÀÖ´Ù. (CVE-2012-1960)
- ¡®X-Frame-Options¡¯Çì´õ¸¦ ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â ¿¡·¯·Î ÀÎÇØ clickjacking °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1961)
- 'JSDependentString::undepend'¸Þ¼Òµå ³»¿¡ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1962)
- Content Security Policy (CSP)¸¦ ½ÇÇàÇÒ ¶§ OAuth 2.0 ¾×¼¼½º ÅäÅ«°ú OpenID ÀÚ°ÝÁõ¸íÀÌ ³ëÃâµÉ ¼ö ÀÖ´Ù. (CVE-2012-1963)
- 'feed:' URL¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1965)
- 'data:' URL°ú ÄÜÅؽºÆ® ¸Þ´º ¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1966)
- 'javascript:' URL¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ ½ºÅ©¸³Æ®°¡ »÷µå¹Ú½º ¿ÜºÎ¿¡¼­ »ó½ÂµÈ ±ÇÇÑÀ¸·Î ½ÇÇàµÉ ¼ö ÀÖ´Ù. (CVE-2012-1967)

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ­ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
http://www.mozilla.org/security/announce/2012/mfsa2012-56.html

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Mozilla Project, Firefox 14.0 ÀÌÀüÀÇ ¹öÀüµé
Microsoft Windows Any version
Linux Any version
ÇØ°áÃ¥ Mozilla Firefox ´Ù¿î·Îµå À¥ ÆäÀÌÁöÀÎ http://www.mozilla.or.kr/ko/ ¿¡¼­ FirefoxÀÇ °¡Àå ÃֽŠ¹öÀü(14.0 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2012-1948,CVE-2012-1949,CVE-2012-1950,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1957,CVE-2012-1958 (CVE)
°ü·Ã URL 54572,54573,54574,54575,54576,54577,54578,54579,54580,54582,54583,54584,54585,54586 (SecurityFocus)
°ü·Ã URL (ISS)