Ãë¾àÁ¡ID |
28872 |
À§Çèµµ |
40 |
Æ÷Æ® |
139,445 |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
SMB |
»ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â 17.0.7 ÀÌÀüÀÇ Mozilla Thunderbird ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Â °ÍÀ¸·Î ³ªÅ¸³´Ù. Mozilla Thunderbird´Â Mozilla ÇÁ·ÎÁ§Æ®¿¡ ÀÇÇØ °³¹ßµÈ °ø°³ ¼Ò½º ±â¹ÝÀÇ e-mail Ŭ¶óÀ̾ðÆ®ÀÌ´Ù. Mozilla Thunderbird 17.x ¹öÀüµéÀº ´ÙÀ½ÀÇ Ãë¾àÁ¡À» Æ÷ÇÔÇÏ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µéÀÌ Á¸ÀçÇÑ´Ù.
- ´ÙÁßÀÇ Á¤ÀǵÇÁö ¾ÊÀº ¸Þ¸ð¸® ¾ÈÀü À̽´°¡ Á¸ÀçÇÑ´Ù. (CVE-2013-1682, CVE-2013-1683) - 'LookupMediaElementURITable', 'nsIDocument::GetRootElement', 'mozilla::ResetDir'¿¡ °ü·ÃµÈ Heap-use-after-free Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-1684, CVE-2013-1685, CVE-2013-1686) - 'XBL scope', 'System Only Wrappers' (SOW) ±×¸®°í chrome-privileged ÆäÀÌÁö¿¡ Å©·Î½º »çÀÌÆ® ½ºÅ©¸³ÆÃ(XSS) °ø°ÝÀ» Çã¿ëÇÏ´Â ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. (CVE-2013-1687) - 'profiler'¿¡ °ü·ÃµÈ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ´Ù. (CVE-2013-1688) - 'onreadystatechange'¿Í ¸ÅÇεÇÁö ¾ÊÀº ¸Þ¸ð¸®¿¡ °ü·ÃµÈ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â ÇØ´ç ÇÁ·Î±×·¥À» ÁßÁö½ÃÅ°°Å³ª ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ´Ù. (CVE-2013-1690) - XMLHttpRequest HEAD ¿äû ³»ºÎÀÇ body µ¥ÀÌÅ͸¦ º¸È£ÇÏÁö ¾Ê´Â´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â Á¶ÀÛµÈ À¥»çÀÌÆ®¸¦ ÅëÇØ cross-site request forgery (CSRF)°ø°ÝÀÌ ¿ëÀÌÇØÁø´Ù. (CVE-2013-1692) - SVG ÄÜÅÙÃ÷ 󸮿¡ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. ÀÌ·Î ÀÎÇØ Å¸ÀÌ¹Ö °ø°ÝÀ» ÅëÇØ µµ¸ÞÀÎ ¹ÛÀÇ Á¤º¸°¡ À¯ÃâµÉ ¼ö ÀÖ´Ù. (CVE-2013-1693) - 'PreserveWrapper'¿Í 'preserved-wrapper'¿¡ °ü·ÃµÈ ¿¡·¯·Î ÀÎÇØ ÇØ´ç ÇÁ·Î±×·¥ÀÌ ÁßÁöµÉ ¼ö ÀÖ´Ù. (CVE-2013-1694) - '<iframe sandbox>' Á¦ÇÑÀÌ ¿Ã¹Ù¸£°Ô ÀÛµ¿ÇÏÁö ¾Ê´Â´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â ÀÌ Á¦ÇѵéÀ» ¿ìȸÇÒ ¼ö ÀÖ´Ù. (CVE-2013-1695) - 'X-Frame-Options' Çì´õ°¡ ƯÁ¤ »óȲ¿¡¼ ¹«½ÃµÈ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀڴ Ŭ¸¯ ÀçÅ· °ø°ÝÀÌ ¿ëÀÌÇØÁú ¼ö ÀÖ´Ù. (CVE-2013-1696) - 'toString'°ú 'valueOf' ¸Þ½îµå¿¡ °ü·ÃµÈ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â 'XrayWrappers'¸¦ ¿ìȸÇÒ ¼ö ÀÖ´Ù. (CVE-2013-1697) - 'getUserMedia' ½ÂÀÎ ´ÙÀ̾ó·Î±×¿¡ °ü·ÃµÈ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. ÀÌ·Î ÀÎÇØ »ç¿ëÀÚ´Â ÀǵµÇÏÁö ¾ÊÀº µµ¸ÞÀο¡ Á¢¼ÓµÉ ¼ö ÀÖ´Ù. (CVE-2013-1698) - Homograph µµ¸ÞÀÎ ½ºÇªÇÎ º¸È£°¡ ¿Ã¹Ù¸£°Ô ÀÌ·ç¾îÁöÁö ¾Ê´À´À´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â Internationalized Domain Names (IDN)¸¦ ÀÌ¿ëÇÏ¿© µµ¸ÞÀÎ ½ºÇªÇÎ °ø°ÝÀ» ÇÒ ¼ö ÀÖ´Ù. (CVE-2013-1699) - À©µµ¿ì »óÀÇ 'Mozilla Maintenance Service' ¿¡ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. ÀÌ·Î ÀÎÇØ ¾÷µ¥ÀÌÆ®°¡ ¿Ã¹Ù¸£°Ô ÀÌ·ç¾îÁöÁö ¾ÊÀ» ¼ö ÀÖ´Ù. (CVE-2013-1700)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®: http://www.mozilla.org/security/announce/2013/mfsa2013-49.html http://www.mozilla.org/security/announce/2013/mfsa2013-50.html http://www.mozilla.org/security/announce/2013/mfsa2013-51.html http://www.mozilla.org/security/announce/2013/mfsa2013-52.html http://www.mozilla.org/security/announce/2013/mfsa2013-53.html http://www.mozilla.org/security/announce/2013/mfsa2013-54.html http://www.mozilla.org/security/announce/2013/mfsa2013-55.html http://www.mozilla.org/security/announce/2013/mfsa2013-56.html http://www.mozilla.org/security/announce/2013/mfsa2013-57.html http://www.mozilla.org/security/announce/2013/mfsa2013-58.html http://www.mozilla.org/security/announce/2013/mfsa2013-59.html http://www.mozilla.org/security/announce/2013/mfsa2013-60.html http://www.mozilla.org/security/announce/2013/mfsa2013-61.html http://www.mozilla.org/security/announce/2013/mfsa2013-62.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: Mozilla Project, Thunderbird 17.0.7 ÀÌÀüÀÇ ¹öÀüµé Microsoft Windows Any version Linux Any version |
ÇØ°áÃ¥ |
Mozilla À¥ »çÀÌÆ®ÀÎ http://www.mozilla.com/thunderbird/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â ThunderbirdÀÇ °¡Àå ÃֽŠ¹öÀü(17.0.7 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2013-1682,CVE-2013-1683,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1688,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693 (CVE) |
°ü·Ã URL |
60765,60766,60768,60773,60774,60776,60777,60778,60779,60783,60784,60785,60787,60688,60789,60790,60791 (SecurityFocus) |
°ü·Ã URL |
(ISS) |
|