製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Mozilla 製品のブラウザエンジンにおける任意のコードを実行される脆弱性

Title	複数の Mozilla 製品のブラウザエンジンにおける任意のコードを実行される脆弱性
Summary	複数の Mozilla 製品のブラウザエンジンには、サービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態となる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、サービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 28, 2011, midnight
Registration Date	May 20, 2011, 11:16 a.m.
Last Update	Nov. 17, 2011, 10:45 a.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux EUS 5.6.z (server)

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Long Life (v. 5.6 server)

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

RHEL Desktop Workstation 5 (client)

オラクル

Oracle Solaris 10

Oracle Solaris 11 Express

Mozilla Foundation

Mozilla Firefox 3.5.19 未満

Mozilla Firefox 3.6.17 未満

Mozilla Firefox 4.0.1 未満

Mozilla SeaMonkey 2.0.14 未満

Mozilla Thunderbird 3.1.10 未満

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-0081	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081
National Vulnerability Database (NVD)
2	CVE-2011-0081	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0081

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	firefox-3.6.17-1.0.1.AXS3, xulrunner-1.9.2.17-3.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1441
MIRACLE LINUX アップデート情報
2	2220	https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2220
Mozilla Foundation Security Advisory
3	MFSA2011-12	http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
Mozilla Foundation セキュリティアドバイザリ
4	MFSA2011-12	http://www.mozilla-japan.org/security/announce/2011/mfsa2011-12.html
Red Hat Security Advisory
5	RHSA-2011:0471	https://rhn.redhat.com/errata/RHSA-2011-0471.html
6	RHSA-2011:0475	https://rhn.redhat.com/errata/RHSA-2011-0475.html
SECURITY BLOG
7	multiple_vulnerabilities_in_thunderbird	http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird

その他

No	Name	URL
Secunia Advisory
1	SA44357	http://secunia.com/advisories/44357
2	SA44406	http://secunia.com/advisories/44406
3	SA44407	http://secunia.com/advisories/44407
SecurityFocus
4	47653	http://www.securityfocus.com/bid/47653
VUPEN Security
5	VUPEN/ADV-2011-1127	http://www.vupen.com/english/advisories/2011/1127

Change Log

No	Changed Details	Date of change
0	[2011年05月20日] 掲載 [2011年06月06日] 影響を受けるシステム：ミラクル・リナックス (firefox-3.6.17-1.0.1.AXS3, xulrunner-1.9.2.17-3.0.1.AXS3) の情報を追加影響を受けるシステム：ミラクル・リナックス (2220) の情報を追加ベンダ情報：ミラクル・リナックス (firefox-3.6.17-1.0.1.AXS3, xulrunner-1.9.2.17-3.0.1.AXS3) を追加ベンダ情報：ミラクル・リナックス (2220) を追加 [2011年11月17日] 影響を受けるシステム：オラクル (multiple_vulnerabilities_in_thunderbird) の情報を追加ベンダ情報：オラクル (multiple_vulnerabilities_in_thunderbird) の情報を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-0081

Summary	Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Publication Date	May 8, 2011, 3:55 a.m.
Registration Date	Jan. 28, 2021, 4:37 p.m.
Last Update	Nov. 21, 2024, 10:23 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:3.6.2:::::::*
cpe:2.3:a:mozilla:firefox:3.6.3:::::::*
cpe:2.3:a:mozilla:firefox:3.6.15:::::::*
cpe:2.3:a:mozilla:firefox:3.6.11:::::::*
cpe:2.3:a:mozilla:firefox:3.6.8:::::::*
cpe:2.3:a:mozilla:firefox:3.6.9:::::::*
cpe:2.3:a:mozilla:firefox:3.6.14:::::::*
cpe:2.3:a:mozilla:firefox:3.6.12:::::::*
cpe:2.3:a:mozilla:firefox:3.6.6:::::::*
cpe:2.3:a:mozilla:firefox:3.6.16:::::::*
cpe:2.3:a:mozilla:firefox:3.6.1:::::::*
cpe:2.3:a:mozilla:firefox:3.6.10:::::::*
cpe:2.3:a:mozilla:firefox:3.6.7:::::::*
cpe:2.3:a:mozilla:firefox:3.6.4:::::::*
cpe:2.3:a:mozilla:firefox:3.6.13:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:4.0:beta6::::::
cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
cpe:2.3:a:mozilla:firefox:4.0:beta9::::::
cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
cpe:2.3:a:mozilla:firefox:4.0:beta8::::::
cpe:2.3:a:mozilla:firefox:4.0:beta12::::::
cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
cpe:2.3:a:mozilla:firefox:4.0:beta10::::::
cpe:2.3:a:mozilla:firefox:4.0:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta11::::::
cpe:2.3:a:mozilla:firefox:4.0:beta7::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:mozilla:thunderbird:3.1.8:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.7:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.2:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.9:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.1:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.4:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.3:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.6:::::::*

Related information, measures and tools

No	URL	タグ
1	http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird
2	http://downloads.avaya.com/css/P8/documents/100144158
3	http://www.debian.org/security/2011/dsa-2227
4	http://www.debian.org/security/2011/dsa-2228
5	http://www.debian.org/security/2011/dsa-2235
6	http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
7	http://www.mandriva.com/security/advisories?name=MDVSA-2011:080
8	http://www.mozilla.org/security/announce/2011/mfsa2011-12.html	Vendor Advisory
9	http://www.securityfocus.com/bid/47653
10	https://bugzilla.mozilla.org/show_bug.cgi?id=645289	Patch
11	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993
12	http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird
13	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993
14	https://bugzilla.mozilla.org/show_bug.cgi?id=645289	Patch
15	http://www.securityfocus.com/bid/47653
16	http://www.mozilla.org/security/announce/2011/mfsa2011-12.html	Vendor Advisory
17	http://www.mandriva.com/security/advisories?name=MDVSA-2011:080
18	http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
19	http://www.debian.org/security/2011/dsa-2235
20	http://www.debian.org/security/2011/dsa-2228
21	http://www.debian.org/security/2011/dsa-2227
22	http://downloads.avaya.com/css/P8/documents/100144158

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:3.6.2:::::::*
cpe:2.3:a:mozilla:firefox:3.6.3:::::::*
cpe:2.3:a:mozilla:firefox:3.6.15:::::::*
cpe:2.3:a:mozilla:firefox:3.6.11:::::::*
cpe:2.3:a:mozilla:firefox:3.6.8:::::::*
cpe:2.3:a:mozilla:firefox:3.6.9:::::::*
cpe:2.3:a:mozilla:firefox:3.6.14:::::::*
cpe:2.3:a:mozilla:firefox:3.6.12:::::::*
cpe:2.3:a:mozilla:firefox:3.6.6:::::::*
cpe:2.3:a:mozilla:firefox:3.6.16:::::::*
cpe:2.3:a:mozilla:firefox:3.6.1:::::::*
cpe:2.3:a:mozilla:firefox:3.6.10:::::::*
cpe:2.3:a:mozilla:firefox:3.6.7:::::::*
cpe:2.3:a:mozilla:firefox:3.6.4:::::::*
cpe:2.3:a:mozilla:firefox:3.6.13:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:4.0:beta6::::::
cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
cpe:2.3:a:mozilla:firefox:4.0:beta9::::::
cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
cpe:2.3:a:mozilla:firefox:4.0:beta8::::::
cpe:2.3:a:mozilla:firefox:4.0:beta12::::::
cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
cpe:2.3:a:mozilla:firefox:4.0:beta10::::::
cpe:2.3:a:mozilla:firefox:4.0:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta11::::::
cpe:2.3:a:mozilla:firefox:4.0:beta7::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:mozilla:thunderbird:3.1.8:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.7:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.2:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.9:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.1:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.4:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.3:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.6:::::::*