English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 28857
À§Çèµµ 40
Æ÷Æ® 139,445
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SMB
»ó¼¼¼³¸í ÇØ´ç È£½ºÆ®¿¡´Â 10.0.6 ÀÌÀüÀÇ Mozilla Thunderbird ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Â °ÍÀ¸·Î ³ªÅ¸³­´Ù. Mozilla Thunderbird´Â Mozilla ÇÁ·ÎÁ§Æ®¿¡ ÀÇÇØ °³¹ßµÈ °ø°³ ¼Ò½º ±â¹ÝÀÇ e-mail Ŭ¶óÀ̾ðÆ®ÀÌ´Ù. Mozilla Thunderbird 10.0.x < 10.0.6 ¹öÀüµéÀº ´ÙÀ½ÀÇ Ãë¾àÁ¡À» Æ÷ÇÔÇÏ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µéÀÌ Á¸ÀçÇÑ´Ù.
- ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡µéÀº ÀáÀçÀûÀ¸·Î ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇϴµ¥ ÀÌ¿ëµÉ ¼ö ÀÖ´Ù. (CVE-2012-1948)
- ·¹À̾ƿô ¿£Áø¿¡ ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
- ÀÚ¹Ù½ºÅ©¸³Æ® ÇÔ¼öÀÎ 'history.forward'¿Í 'history.back'ÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ Á¤È®ÇÏÁö ¾ÊÀº URLÀÌ Ç¥½ÃµÉ ¼ö ÀÖ´Ù. (CVE-2012-1955)
- RSSÀÇ <description>¿ä¼Ò ³»ºÎÀÇ <embed>ű׿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1957)
- 'nsGlobalWindow::PageHidden'¸Þ¼Òµå ³»ºÎ¿¡ use-after-free Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1958)
- ƯÁ¤ µ¥ÀÌÅ͸¦ ó¸®ÇÒ ¶§ same-compartment security wrappers (SCSW)¸¦ ¿ìȸÇÏ´Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1959)
- ¡®X-Frame-Options¡¯Çì´õ¸¦ ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â ¿¡·¯·Î ÀÎÇØ clickjacking °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1961)
- 'JSDependentString::undepend'¸Þ¼Òµå ³»¿¡ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1962)
- Content Security Policy (CSP)¸¦ ½ÇÇàÇÒ ¶§ OAuth 2.0 ¾×¼¼½º ÅäÅ«°ú OpenID ÀÚ°ÝÁõ¸íÀÌ ³ëÃâµÉ ¼ö ÀÖ´Ù. (CVE-2012-1963)
- ÀÎÁõ ¿¹¿Ü󸮸¦ ¼öÇàÇÒ ¶§ ¿¡·¯°¡ ¹ß»ýÇÑ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â ¡®about:certerror¡¯ ÆäÀÌÁö¸¦ ÅëÇØ clickjacking °ø°ÝÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù. (CVE-2012-1964)
- 'javascript:' URL¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ ½ºÅ©¸³Æ®°¡ »÷µå¹Ú½º ¿ÜºÎ¿¡¼­ »ó½ÂµÈ ±ÇÇÑÀ¸·Î ½ÇÇàµÉ ¼ö ÀÖ´Ù. (CVE-2012-1967)

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ­ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html
http://www.mozilla.org/security/announce/2012/mfsa2012-56.html

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Mozilla Project, Thunderbird 10.0.6 ÀÌÀüÀÇ ¹öÀüµé
Microsoft Windows Any version
Linux Any version
ÇØ°áÃ¥ Mozilla À¥ »çÀÌÆ®ÀÎ http://www.mozilla.com/thunderbird/ ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â ThunderbirdÀÇ °¡Àå ÃֽŠ¹öÀü(10.0.6 ȤÀº 14.0 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2012-1948,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1961 (CVE)
°ü·Ã URL 54573,54574,54575,54576,54578,54581,54582,54583,54584,54586 (SecurityFocus)
°ü·Ã URL (ISS)