Ãë¾àÁ¡ID |
28856 |
À§Çèµµ |
40 |
Æ÷Æ® |
139,445 |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
SMB |
»ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â 14.0 ÀÌÀüÀÇ Mozilla FirefoxÀÇ ¾î¶² ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù. Mozilla Firefox´Â Mozilla ÇÁ·ÎÁ§Æ®¿¡ ÀÇÇØ °³¹ßµÈ °ø°³ ¼Ò½º ±â¹ÝÀÇ À¥ ºê¶ó¿ìÀúÀÌ´Ù. Mozilla Firefox 13.x ¹öÀüµéÀº ´ÙÀ½ÀÇ Ãë¾àÁ¡À» Æ÷ÇÔÇÏ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µéÀÌ Á¸ÀçÇÑ´Ù. - ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡µéÀº ÀáÀçÀûÀ¸·Î ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇϴµ¥ ÀÌ¿ëµÉ ¼ö ÀÖ´Ù. (CVE-2012-1948, CVE-2012-1949) - drag and dropÀ» ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â ¿¡·¯·Î ÀÎÇØ Á¤È®ÇÏÁö ¾ÊÀº URLÀÌ Ç¥½ÃµÉ ¼ö ÀÖ´Ù. (CVE-2012-1950) - ·¹À̾ƿô ¿£Áø¿¡ ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954) - ÀÚ¹Ù½ºÅ©¸³Æ® ÇÔ¼öÀÎ 'history.forward'¿Í 'history.back'ÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ Á¤È®ÇÏÁö ¾ÊÀº URLÀÌ Ç¥½ÃµÉ ¼ö ÀÖ´Ù. (CVE-2012-1955) - RSSÀÇ <description>¿ä¼Ò ³»ºÎÀÇ <embed>ű׿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1957) - 'nsGlobalWindow::PageHidden'¸Þ¼Òµå ³»ºÎ¿¡ use-after-free Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1958) - ƯÁ¤ µ¥ÀÌÅ͸¦ ó¸®ÇÒ ¶§ same-compartment security wrappers (SCSW)¸¦ ¿ìȸÇÏ´Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1959) - color management library (QCMS)¿¡ out-of-bounds read ¿¡·¯°¡ Á¸ÀçÇÏ¿© ¸Þ¸ð¸®ÀÇ Æ¯Á¤ ºÎºÐÀÌ ³ëÃâµÉ ¼ö ÀÖ´Ù. (CVE-2012-1960) - ¡®X-Frame-Options¡¯Çì´õ¸¦ ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â ¿¡·¯·Î ÀÎÇØ clickjacking °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1961) - 'JSDependentString::undepend'¸Þ¼Òµå ³»¿¡ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1962) - Content Security Policy (CSP)¸¦ ½ÇÇàÇÒ ¶§ OAuth 2.0 ¾×¼¼½º ÅäÅ«°ú OpenID ÀÚ°ÝÁõ¸íÀÌ ³ëÃâµÉ ¼ö ÀÖ´Ù. (CVE-2012-1963) - 'feed:' URL¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1965) - 'data:' URL°ú ÄÜÅؽºÆ® ¸Þ´º ¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1966) - 'javascript:' URL¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ ½ºÅ©¸³Æ®°¡ »÷µå¹Ú½º ¿ÜºÎ¿¡¼ »ó½ÂµÈ ±ÇÇÑÀ¸·Î ½ÇÇàµÉ ¼ö ÀÖ´Ù. (CVE-2012-1967)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®: http://www.mozilla.org/security/announce/2012/mfsa2012-42.html http://www.mozilla.org/security/announce/2012/mfsa2012-43.html http://www.mozilla.org/security/announce/2012/mfsa2012-44.html http://www.mozilla.org/security/announce/2012/mfsa2012-45.html http://www.mozilla.org/security/announce/2012/mfsa2012-46.html http://www.mozilla.org/security/announce/2012/mfsa2012-47.html http://www.mozilla.org/security/announce/2012/mfsa2012-48.html http://www.mozilla.org/security/announce/2012/mfsa2012-49.html http://www.mozilla.org/security/announce/2012/mfsa2012-50.html http://www.mozilla.org/security/announce/2012/mfsa2012-51.html http://www.mozilla.org/security/announce/2012/mfsa2012-52.html http://www.mozilla.org/security/announce/2012/mfsa2012-53.html http://www.mozilla.org/security/announce/2012/mfsa2012-55.html http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: Mozilla Project, Firefox 14.0 ÀÌÀüÀÇ ¹öÀüµé Microsoft Windows Any version Linux Any version |
ÇØ°áÃ¥ |
Mozilla Firefox ´Ù¿î·Îµå À¥ ÆäÀÌÁöÀÎ http://www.mozilla.or.kr/ko/ ¿¡¼ FirefoxÀÇ °¡Àå ÃֽŠ¹öÀü(14.0 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2012-1948,CVE-2012-1949,CVE-2012-1950,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1957,CVE-2012-1958 (CVE) |
°ü·Ã URL |
54572,54573,54574,54575,54576,54577,54578,54579,54580,54582,54583,54584,54585,54586 (SecurityFocus) |
°ü·Ã URL |
(ISS) |
|