政府電腦保安事故協調中心 - 保安警報(A16-03-04): Firefox多個漏洞

描述:

Mozilla 發布了安全公告，以應對於 Firefox 中發現的多個漏洞。造成這些漏洞的原因包括瀏覽器引擎的記憶體安全性錯誤、ServiceWorkerManager的邊界外讀取(out-of-bounds read)、多個釋放後使用(use-after-free)錯誤、緩衝區滿溢和多個Graphite 2程式庫中的問題。遠端攻擊者可誘使用戶開啓包含特製內容的網頁來攻擊這些漏洞。

受影響的系統:

Firefox 45.0之前的版本
Firefox ESR 38.7之前的版本

影響:

成功利用這些漏洞的攻擊者可以在受影響的系統上終止程式執行或執行任意程式碼。

建議:

Mozilla發行了有關產品的新版本以應對以上問題。用戶可從以下網址下載:

Firefox 45.0 for Windows, Macintosh 及 Linux
http://www.mozilla.org/en-US/firefox/all.html
Firefox ESR 38.7 for Windows, Macintosh 及 Linux
https://www.mozilla.org/en-US/firefox/organizations/all/

受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://www.mozilla.org/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-16
https://www.mozilla.org/en-US/security/advisories/mfsa2016-17
https://www.mozilla.org/en-US/security/advisories/mfsa2016-18
https://www.mozilla.org/en-US/security/advisories/mfsa2016-19
https://www.mozilla.org/en-US/security/advisories/mfsa2016-20
https://www.mozilla.org/en-US/security/advisories/mfsa2016-21
https://www.mozilla.org/en-US/security/advisories/mfsa2016-22
https://www.mozilla.org/en-US/security/advisories/mfsa2016-23
https://www.mozilla.org/en-US/security/advisories/mfsa2016-24
https://www.mozilla.org/en-US/security/advisories/mfsa2016-25
https://www.mozilla.org/en-US/security/advisories/mfsa2016-26
https://www.mozilla.org/en-US/security/advisories/mfsa2016-27
https://www.mozilla.org/en-US/security/advisories/mfsa2016-28
https://www.mozilla.org/en-US/security/advisories/mfsa2016-29
https://www.mozilla.org/en-US/security/advisories/mfsa2016-30
https://www.mozilla.org/en-US/security/advisories/mfsa2016-31
https://www.mozilla.org/en-US/security/advisories/mfsa2016-32
https://www.mozilla.org/en-US/security/advisories/mfsa2016-33
https://www.mozilla.org/en-US/security/advisories/mfsa2016-34
https://www.mozilla.org/en-US/security/advisories/mfsa2016-35
https://www.mozilla.org/en-US/security/advisories/mfsa2016-36
https://www.mozilla.org/en-US/security/advisories/mfsa2016-37
https://www.mozilla.org/firefox/45.0/releasenotes/
https://www.hkcert.org/my_url/zh/alert/16030916
https://www.us-cert.gov/ncas/current-activity/2016/03/08/Mozilla-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952 (至 CVE-2016-1968)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1970 (至 CVE-2016-1977)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790 (至 CVE-2016-2802)

標籤 : Firefox , Mozilla