cnvd-2017-12550
Vulnerability from cnvd
Title: Mozilla Firefox和Firefox ESR for OS X欺骗漏洞
Description:
Mozilla Firefox for OS X是美国Mozilla基金会的一款基于OS X平台的开源Web浏览器。Firefox ESR for OS X是Firefox的一个基于OS X平台的延长支持版本。
基于OS X平台的Mozilla Firefox 54之前的版本和Firefox ESR 52.2之前的版本中存在欺骗漏洞。攻击者可利用该漏洞实施域名欺骗攻击。
Severity: 中
Patch Name: Mozilla Firefox和Firefox ESR for OS X欺骗漏洞的补丁
Patch Description:
Mozilla Firefox for OS X是美国Mozilla基金会的一款基于OS X平台的开源Web浏览器。Firefox ESR for OS X是Firefox的一个基于OS X平台的延长支持版本。
基于OS X平台的Mozilla Firefox 54之前的版本和Firefox ESR 52.2之前的版本中存在欺骗漏洞。攻击者可利用该漏洞实施域名欺骗攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Reference: http://www.securityfocus.com/bid/99057
Impacted products
| Name | ['Mozilla Firefox <54', 'mozilla Firefox ESR <52.2'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "99057"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-7763"
}
},
"description": "Mozilla Firefox for OS X\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eOS X\u5e73\u53f0\u7684\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Firefox ESR for OS X\u662fFirefox\u7684\u4e00\u4e2a\u57fa\u4e8eOS X\u5e73\u53f0\u7684\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\n\u57fa\u4e8eOS X\u5e73\u53f0\u7684Mozilla Firefox 54\u4e4b\u524d\u7684\u7248\u672c\u548cFirefox ESR 52.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u57df\u540d\u6b3a\u9a97\u653b\u51fb\u3002",
"discovererName": "Nils, Tobias Klein, Yuji Tounai of NTT Communications, Abhishek Arya, F. Alonso (revskills), Holger Fuhrmannek, Tyson Smith, Nicolas Trippar of Zimperium zLabs, Michal Bentkowski, Samuel Erb, Jonathan Birch and Microsoft Vulnerability Research, and Seb Pat",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-12550",
"openTime": "2017-07-03",
"patchDescription": "Mozilla Firefox for OS X\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eOS X\u5e73\u53f0\u7684\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Firefox ESR for OS X\u662fFirefox\u7684\u4e00\u4e2a\u57fa\u4e8eOS X\u5e73\u53f0\u7684\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\n\u57fa\u4e8eOS X\u5e73\u53f0\u7684Mozilla Firefox 54\u4e4b\u524d\u7684\u7248\u672c\u548cFirefox ESR 52.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u57df\u540d\u6b3a\u9a97\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u548cFirefox ESR for OS X\u6b3a\u9a97\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c54",
"mozilla Firefox ESR \u003c52.2"
]
},
"referenceLink": "http://www.securityfocus.com/bid/99057",
"serverity": "\u4e2d",
"submitTime": "2017-06-23",
"title": "Mozilla Firefox\u548cFirefox ESR for OS X\u6b3a\u9a97\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…