| Ãë¾àÁ¡ID |
28888 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
139,445 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMB |
| »ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â 52 ÀÌÀüÀÇ Mozilla FirefoxÀÇ ¾î¶² ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù. Mozilla Firefox´Â Mozilla ÇÁ·ÎÁ§Æ®¿¡ ÀÇÇØ °³¹ßµÈ °ø°³ ¼Ò½º ±â¹ÝÀÇ À¥ ºê¶ó¿ìÀúÀÌ´Ù. Mozilla Firefox 52 ÀÌÀüÀÇ ¹öÀüµéÀº ´ÙÀ½ÀÇ Ãë¾àÁ¡À» Æ÷ÇÔÇÏ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µéÀÌ Á¸ÀçÇÑ´Ù.
- ¸ðÁú¶ó °³¹ßÀÚ ¹× Ä¿¹Â´ÏƼ ¸â¹öÀÎ Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd°¡ Firefox 51 °ú Firefox ESR 45.7 ¹öÀüÀÇ ¸Þ¸ð¸® ¾ÈÁ¤¼º ¹ö±×¸¦ º¸°íÇÏ¿´´Ù. (CVE-2017-5398)
- ¸ðÁú¶ó °³¹ßÀÚ ¹× Ä¿¹Â´ÏƼ ¸â¹öÀÎ Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly, Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and Andre Bargull°¡ Firefox 51 ¹öÀüÀÇ ¸Þ¸ð¸® ¾ÈÁ¤¼º ¹ö±×¸¦ º¸°íÇÏ¿´´Ù. (CVE-2017-5399)
- asm.js ¸¦ ŸÄÏÀ¸·Î ÇÑ JIT-spray ¿Í È¥ÇÕµÈ heap spray¸¦ ÅëÇÏ¿© ASLR, DEP ¹æ¾î¸¦ ¿ìȸÇÒ ¼ö ÀÖÀ¸¸ç ¸Þ¸ð¸® ºØ±« °ø°ÝÀ» ÇÒ ¼ö ÀÖ´Ù. (CVE-2017-5400)
- ·ÎÁ÷ ¿¡·¯ÀÇ ÀÇÇÏ¿© ÇÒ´çµÇÁö ¾ÊÀº ErrorResult ÂüÁ¶°¡ À¥ ÄÄÆ÷³ÍÆ®¿¡ ÀÇÇØ ¹ß»ýÇÏ¿©, Å©·¡½Ã µÉ ¼ö ÀÖ´Ù. (CVE-2017-5401)
- FontFace °´Ã¼¿¡¼ À̺¥Æ®°¡ ¹ß»ýÇÒ ¶§ ÀÌ¹Ì Æı«µÈ font¸¦ ÂüÁ¶ÇØ ÇØÁ¦ ÈÄ »ç¿ë ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. (CVE-2017-5402)
- Á¤È®ÇÏÁö ¾ÊÀº root °´Ã¼¿¡ range¸¦ Ãß°¡ÇÏ¿© ÇØÁ¦ ÈÄ »ç¿ë ¿¡·¯°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. (CVE-2017-5403)
- À͸íÀÌ ³»ºÎ Æ®¸® °´Ã¼ÀÇ range¿¡¼ selectionÀ» ÇÑ ÈÄ ¹Û¿¡¼ ÂüÁ¶ÇÒ ¶§ ÇØÁ¦ ÈÄ »ç¿ë ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. (CVE-2017-5404)
- FTP ¿¬°áÀÇ Æ¯Á¤ ÀÀ´ä Äڵ尡 ÃʱâȵÇÁö port º¯¼ö¸¦ ÂüÁ¶ÇÑ´Ù. (CVE-2017-5405)
- Skia ±×·¡ÇÈ ¶óÀ̺귯¸®¿¡ segmentation fault Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2017-5406)
- SVG ÇÊÅ͸¦ »ç¿ëÇÒ ¶§ target iframe¿¡¼ °íÁ¤µÈ math implementation Æ÷ÀÎÆ®¸¦ »ç¿ëÇÏÁö ¾Ê¾Æ ¾ÇÀÇÀûÀÎ ÆäÀÌÁö¿¡¼ Çȼ¿ °ªÀ» ÃßÃâÇÒ ¼ö ÀÖ´Ù. (CVE-2017-5407)
- Video caption¿¡ Á¤º¸À¯Ãâ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2017-5408)
- ±ÇÇÑÀÌ ¾ø´Â »ç¿ëÀÚ°¡ Mozilla Windows updaterÀÇ È£Ãâ ÆĶó¹ÌÅ͸¦ Á¶ÀÛÇÏ¿© ±ÇÇÑÀÌ ÇÊ¿äÇÑ ÀÓÀÇÀÇ ÆÄÀÏÀ» Áö¿ï ¼ö ÀÖ´Ù. (CVE-2017-5409)
- Garbage collectionÀÇ ¸Þ¸ð¸® ºØ±« Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. (CVE-2017-5410)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ È£½ºÆ®·Î ·Î±×ÀÎ ÇÒ ¼ö ÀÖ´Â °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Mozilla Project, Firefox 52 ÀÌÀüÀÇ ¹öÀüµé
Microsoft Windows Any version
Linux Any version |
| ÇØ°áÃ¥ |
Mozilla Firefox ´Ù¿î·Îµå À¥ ÆäÀÌÁöÀÎ http://www.mozilla.or.kr/ko/ ¿¡¼ FirefoxÀÇ °¡Àå ÃֽŠ¹öÀü(52 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2017-5398,CVE-2017-5399,CVE-2017-5400,CVE-2017-5401,CVE-2017-5402,CVE-2017-5403,CVE-2017-5404,CVE-2017-5405,CVE-2017-5406,CVE-2017-5407 (CVE) |
| °ü·Ã URL |
96651,96654,96664,96677,96691,96692,96693,96696 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
