1. 主页
  2. 保安警报
  3. 保安警报 (A16-08-01)

保安警报 (A16-08-01): Firefox 多个漏洞


 

发布日期: 2016年 8月 3日

  
  

描述:

Mozilla 发布了安全公告,以应对于 Firefox 中发现的多个漏洞。造成这些漏洞的原因包括浏览器引擎的内存安全性错误、缓冲区满溢、堆阵缓冲区下溢、释放后使用(use-after-free)错误、整数满溢问题和类型混乱错误等。远程攻击者可诱使用户开启包含特制内容的网页或异常的视频档案从而攻击这些漏洞。

 

受影响的系统:

  • Firefox 48.0之前的版本
  • Firefox ESR 45.3之前的版本 

 

影响:

成功利用这些漏洞的攻击者可以在受影响的系统上终止程序执行、泄漏信息或执行任意程序代码。

 

建议:

Mozilla发行了有关产品的新版本以应对以上问题。用户可从以下网址下载:

  • Firefox 48.0 for Windows, Macintosh 及 Linux
    http://www.mozilla.org/en-US/firefox/all.html

  • Firefox ESR 45.3 for Windows, Macintosh 及 Linux
    https://www.mozilla.org/en-US/firefox/organizations/all/

受影响系统的用户应遵从产品供货商的建议,立即采取行动以降低风险。

 

进一步信息:

https://www.mozilla.org/security/advisories/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
https://www.mozilla.org/firefox/48.0/releasenotes/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2835 (to CVE-2016-2839)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250 (to CVE-2016-5255)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5258 (to CVE-2016-5268) 



标签 : Firefox , Mozilla
标签