| Ãë¾àÁ¡ID |
28859 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
139,445 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMB |
| »ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â 2.11.0 ÀÌÀüÀÇ Mozilla SeaMonkeyÀÇ ¾î¶² ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù. SeaMonkey´Â Mozilla ÇÁ·ÎÁ§Æ®¿¡ ÀÇÇØ °³¹ßµÈ °ø°³ ¼Ò½º ±â¹ÝÀÇ À¥ ºê¶ó¿ìÀúÀÌ´Ù. Mozilla SeaMonkey 2.11.0 ÀÌÀüÀÇ ¹öÀüµéÀº ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù.
- ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡µéÀº ÀáÀçÀûÀ¸·Î ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇϴµ¥ ÀÌ¿ëµÉ ¼ö ÀÖ´Ù. (CVE-2012-1948, CVE-2012-1949)
- ·¹À̾ƿô ¿£Áø¿¡ ´Ù¼öÀÇ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
- ÀÚ¹Ù½ºÅ©¸³Æ® ÇÔ¼öÀÎ 'history.forward'¿Í 'history.back'ÀÇ Ãë¾àÁ¡À¸·Î ÀÎÇØ Á¤È®ÇÏÁö ¾ÊÀº URLÀÌ Ç¥½ÃµÉ ¼ö ÀÖ´Ù. (CVE-2012-1955)
- RSSÀÇ <description>¿ä¼Ò ³»ºÎÀÇ <embed>ű׿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ cross-site scripting (XSS) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1957)
- 'nsGlobalWindow::PageHidden'¸Þ¼Òµå ³»ºÎ¿¡ use-after-free Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1958)
- ƯÁ¤ µ¥ÀÌÅ͸¦ ó¸®ÇÒ ¶§ same-compartment security wrappers (SCSW)¸¦ ¿ìȸÇÏ´Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1959)
- color management library (QCMS)¿¡ out-of-bounds read ¿¡·¯°¡ Á¸ÀçÇÏ¿© ¸Þ¸ð¸®ÀÇ Æ¯Á¤ ºÎºÐÀÌ ³ëÃâµÉ ¼ö ÀÖ´Ù. (CVE-2012-1960)
- ¡®X-Frame-Options¡¯Çì´õ¸¦ ó¸®ÇÒ ¶§ ¹ß»ýÇÏ´Â ¿¡·¯·Î ÀÎÇØ clickjacking °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2012-1961)
- 'JSDependentString::undepend'¸Þ¼Òµå ³»¿¡ ¸Þ¸ð¸® ¼Õ»ó Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2012-1962)
- Content Security Policy (CSP)¸¦ ½ÇÇàÇÒ ¶§ OAuth 2.0 ¾×¼¼½º ÅäÅ«°ú OpenID ÀÚ°ÝÁõ¸íÀÌ ³ëÃâµÉ ¼ö ÀÖ´Ù. (CVE-2012-1963)
- 'javascript:' URL¿¡ Á¸ÀçÇÏ´Â ¿¡·¯·Î ÀÎÇØ ½ºÅ©¸³Æ®°¡ »÷µå¹Ú½º ¿ÜºÎ¿¡¼ »ó½ÂµÈ ±ÇÇÑÀ¸·Î ½ÇÇàµÉ ¼ö ÀÖ´Ù. (CVE-2012-1967)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Mozilla Foundation, SeaMonkey 2.11.0 ÀÌÀüÀÇ ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
Mozilla SeaMonkey Project À¥ ÆäÀÌÁöÀÎ http://www.mozilla.org/projects/seamonkey/ ¿¡¼ SeaMonkeyÀÇ °¡Àå ÃֽŠ¹öÀü(2.11.0 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959 (CVE) |
| °ü·Ã URL |
54572,54573,54574,54575,54576,54578,54580,54582,54583,54584,54586 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
