벌새::Security

Update: Mozilla Firefox 52.0

The Mozilla Foundation has released Mozilla Firefox 52.0, a new stable version of its open-source Mozilla Firefox web browser that adds new features, fixes bugs, and resolves 28 security vulnerabilities.

  • Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
  • Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab.
  • Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
  • Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.
  • Enhanced Sync to allow users to send and open tabs from one device to another.
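To make the Strict Secure Cookies item above concrete, here is an added example (not Firefox or Mozilla code) of a minimal cookie store that applies the two rules the specification introduces: a non-secure origin cannot create a Secure cookie, and it cannot set a cookie with the same name as an existing Secure cookie for the same base domain. The `CookieStore` class, the origin shape and the base-domain approximation are assumptions of this example.

```javascript
// Added example (not Firefox or Mozilla code): a minimal cookie store that
// enforces the two Strict Secure Cookies rules Firefox 52 implements.
//   1. A response from a non-secure (http://) origin may not set a cookie
//      that carries the Secure attribute.
//   2. A non-secure origin may not set a cookie whose name matches an
//      existing Secure cookie for the same base domain, which would let it
//      overwrite or shadow that cookie.
// Assumptions: cookies are keyed by name and domain only (Path is ignored),
// and "same base domain" is approximated by a host/subdomain match.

// True when `a` and `b` are the same host or one is a subdomain of the other.
function domainMatch(a, b) {
  return a === b || a.endsWith("." + b) || b.endsWith("." + a);
}

class CookieStore {
  constructor() {
    this.cookies = [];
  }

  // Apply a Set-Cookie received from `origin` ({ scheme, host }).
  // Returns true if the cookie was stored, false if the policy rejected it.
  setCookie(origin, { name, value, secure = false, domain = origin.host }) {
    if (origin.scheme !== "https") {
      if (secure) {
        return false; // rule 1: http:// may not create a Secure cookie
      }
      const shadowsSecure = this.cookies.some(
        (c) => c.secure && c.name === name && domainMatch(c.domain, domain)
      );
      if (shadowsSecure) {
        return false; // rule 2: leave the existing Secure cookie alone
      }
    }
    // Otherwise replace any cookie with the same name and domain, or add it.
    this.cookies = this.cookies.filter(
      (c) => !(c.name === name && c.domain === domain)
    );
    this.cookies.push({ name, value, secure, domain });
    return true;
  }

  // Value of the first cookie with this name, or undefined if none.
  get(name) {
    const found = this.cookies.find((c) => c.name === name);
    return found ? found.value : undefined;
  }
}
```

Running the two rejected cases through `setCookie` shows why the release note warns that an insecure site may no longer be able to set a cookie whose name collides with a Secure cookie of the same base domain.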

Starting with Mozilla Firefox 51.0, Firefox introduced a policy of marking web pages that do not support a secure connection (HTTPS) as insecure in the address bar.
In this Mozilla Firefox 52.0 release, a feature has been added that additionally shows the message "This connection is not secure. Logins entered here could be compromised." when the mouse is placed in a login form on a page that does not support a secure connection (HTTPS).
For other detailed changes, refer to the Mozilla Firefox 52.0 Release Notes.
The security update includes patches for vulnerabilities rated Critical (7), High (4), Moderate (11), and Low (6).
■ Critical severity

(1) CVE-2017-5398 : Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8

Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could be exploited to run arbitrary code.

(2) CVE-2017-5399 : Memory safety bugs fixed in Firefox 52

Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly, Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and André Bargull reported memory safety bugs present in Firefox 51. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could be exploited to run arbitrary code.

(3) CVE-2017-5400 : asm.js JIT-spray bypass of ASLR and DEP

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.

(4) CVE-2017-5401 : Memory Corruption when handling ErrorResult

A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.

(5) CVE-2017-5402 : Use-after-free working with events in FontFace objects

A use-after-free can occur when events are fired for a FontFace object after the object has already been destroyed while working with fonts. This results in a potentially exploitable crash.

(6) CVE-2017-5403 : Use-after-free using addRange to add range to an incorrect root object

When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.

(7) CVE-2017-5404 : Use-after-free working with ranges in selections

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.

■ High severity

(1) CVE-2017-5406 : Segmentation fault in Skia with canvas operations

A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.

(2) CVE-2017-5407 : Pixel and history stealing via floating-point timing side channel with SVG filters

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.

(3) CVE-2017-5410 : Memory corruption during JavaScript garbage collection incremental sweeping

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup.

(4) CVE-2017-5411 : Use-after-free in Buffer Storage in libGLES

A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash.

Note that this vulnerability is an issue in libGLES, which is used only on the Windows operating system, so other operating systems are not affected.

■ Moderate severity

(1) CVE-2017-5408 : Cross-origin reading of video captions in violation of CORS

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.

(2) CVE-2017-5409 : File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service

The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access.

Note that this attack requires local system access and affects only the Windows operating system.

(3) CVE-2017-5412 : Buffer overflow read in SVG filters

A buffer overflow read during SVG filter color value operations, resulting in data exposure.

(4) CVE-2017-5413 : Segmentation fault during bidirectional operations

A segmentation fault can occur during some bidirectional layout operations.

(5) CVE-2017-5414 : File picker can choose incorrect default directory

The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name.

(6) CVE-2017-5415 : Addressbar spoofing through blob URL

An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks.

(7) CVE-2017-5416 : Null dereference crash in HttpChannel

In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.

(8) CVE-2017-5417 : Addressbar spoofing by dragging and dropping URLs

When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.

(9) CVE-2017-5425 : Overly permissive Gecko Media Plugin sandbox regular expression access

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS X, this matching allows access to some data in subdirectories of /private/var that could expose personal or temporary data. This has been updated to not allow access to /private/var and its subdirectories.

Note that this vulnerability affects only the OS X operating system.

(10) CVE-2017-5426 : Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running

On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter, which is typically weak compared to the sandbox.

Note that this vulnerability affects only the Linux operating system.

(11) CVE-2017-5427 : Non-existent chrome.manifest file loaded during startup

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files.

■ Low severity

(1) CVE-2017-5405 : FTP response codes can cause use of uninitialized values for ports

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.

(2) CVE-2017-5418 : Out of bounds read when parsing HTTP digest authorization responses

An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns.

(3) CVE-2017-5419 : Repeated authentication prompts lead to DOS attack

If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack.

(4) CVE-2017-5420 : Javascript: URLs can obfuscate addressbar location

A javascript: URL loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing an attacker to spoof an existing page without the malicious page's address being displayed correctly.

(5) CVE-2017-5421 : Print preview spoofing

A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.

(6) CVE-2017-5422 : DOS attack by using view-source: protocol repeatedly in one hyperlink

If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable.

Mozilla Firefox users should therefore update to the latest version using the automatic update feature (open the Firefox menu → open the Help menu → About Firefox).