{"id":13530,"date":"2019-06-26T11:55:18","date_gmt":"2019-06-26T03:55:18","guid":{"rendered":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/?p=13530"},"modified":"2019-06-26T11:56:16","modified_gmt":"2019-06-26T03:56:16","slug":"13530","status":"publish","type":"post","link":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/archives\/13530","title":{"rendered":"\u3010\u6f0f\u6d1e\u9810\u8b66\u3011Firefox\u700f\u89bd\u5668\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e(CVE-2019-11707)\uff0c\u5141\u8a31\u653b\u64ca\u8005\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc"},"content":{"rendered":"<h3 align=\"center\">\u6559\u80b2\u6a5f\u69cbANA\u901a\u5831\u5e73\u53f0<\/h3>\n<table border=\"1\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td>\u767c\u4f48\u7de8\u865f<\/td>\n<td>TACERT-ANA-2019062101063636<\/td>\n<td>\u767c\u4f48\u6642\u9593<\/td>\n<td>2019-06-21 13:31:38<\/td>\n<\/tr>\n<tr>\n<td>\u4e8b\u6545\u985e\u578b<\/td>\n<td>ANA-\u6f0f\u6d1e\u9810\u8b66<\/td>\n<td>\u767c\u73fe\u6642\u9593<\/td>\n<td>2019-06-19 00:00:00<\/td>\n<\/tr>\n<tr>\n<td>\u5f71\u97ff\u7b49\u7d1a<\/td>\n<td>\u9ad8<\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td colspan=\"4\">[\u4e3b\u65e8\u8aaa\u660e:]<\/p>\n<p>\u3010\u6f0f\u6d1e\u9810\u8b66\u3011Firefox\u700f\u89bd\u5668\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e(<wbr><\/wbr>CVE-2019-11707)\uff0c<wbr><\/wbr>\u5141\u8a31\u653b\u64ca\u8005\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\uff0c\u8acb\u5118\u901f\u78ba\u8a8d\u4e26\u9032\u884c\u66f4\u65b0<\/td>\n<\/tr>\n<tr>\n<td colspan=\"4\">[\u5167\u5bb9\u8aaa\u660e:]<\/p>\n<p>\u8f49\u767c\u570b\u5bb6\u8cc7\u5b89\u8cc7\u8a0a\u5206\u4eab\u8207\u5206\u6790\u4e2d\u5fc3 \u8cc7\u5b89\u8a0a\u606f\u8b66\u8a0a NISAC-ANA-201906-0140<\/p>\n<p>Google Project Zero\u7814\u7a76\u4eba\u54e1\u767c\u73feFirefox\u700f\u89bd\u5668\u4f7f\u7528Array.<wbr><\/wbr>pop\u51fd\u6578\u8655\u7406JavaScript\u7269\u4ef6\u6642\uff0c\u53ef\u80fd\u5f15\u767c\u985e\u578b\u6df7\u6dc6(<wbr><\/wbr>Type confusion)\u7684\u5b89\u5168\u6f0f\u6d1e(CVE-2019-<wbr><\/wbr>11707)\uff0c\u653b\u64ca\u8005\u53ef\u900f\u904e\u8a98\u9a19\u53d7\u5bb3\u8005\u9ede\u64ca\u60e1\u610f\u9023\u7d50\uff0c<wbr><\/wbr>\u9032\u800c\u9020\u6210\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002<\/td>\n<\/tr>\n<tr>\n<td colspan=\"4\">[\u5f71\u97ff\u5e73\u53f0:]<\/p>\n<p>Firefox 67.0.3\u4ee5\u524d\u7248\u672c<\/p>\n<p>Firefox ESR 60.7.1\u4ee5\u524d\u7248\u672c<\/td>\n<\/tr>\n<tr>\n<td colspan=\"4\">[\u5efa\u8b70\u63aa\u65bd:]<\/p>\n<p>1.\u8acb\u78ba\u8a8d\u700f\u89bd\u5668\u7248\u672c\uff0c\u9ede\u64ca\u700f\u89bd\u5668\u9078\u55ae\u6309\u9215\uff0c\u9ede\u9078\u300c\u8aaa\u660e\u300d&#8211;&gt;<wbr><\/wbr>\u300c\u95dc\u65bcFirefox\u300d\uff0c\u53ef\u67e5\u770b\u7576\u524d\u4f7f\u7528\u7684Mozilla Firefox\u700f\u89bd\u5668\u662f\u5426\u70ba\u53d7\u5f71\u97ff\u4e4b\u7248\u672c\u3002<\/p>\n<p>2.\u66f4\u65b0\u65b9\u5f0f\u5982\u4e0b\uff1a<\/p>\n<p>(1)\u958b\u555f\u700f\u89bd\u5668\uff0c\u9ede\u64ca\u9078\u55ae\u6309\u9215\uff0c\u9ede\u9078\u300c\u8aaa\u660e\u300d&#8211;&gt;\u300c<wbr><\/wbr>\u95dc\u65bcFirefox\u300d\uff0c\u700f\u89bd\u5668\u5c07\u57f7\u884c\u7248\u672c\u6aa2\u67e5\u8207\u66f4\u65b0\u3002<\/p>\n<p>(2)\u9ede\u64ca\u300c\u91cd\u65b0\u555f\u52d5\u4ee5\u66f4\u65b0Firefox\u300d\u5b8c\u6210\u66f4\u65b0\u3002<\/p>\n<p>3.\u4fdd\u6301\u826f\u597d\u4f7f\u7528\u7fd2\u6163\uff0c\u8acb\u52ff\u9ede\u64ca\u4f86\u8def\u4e0d\u660e\u7684\u7db2\u5740\u9023\u7d50\u3002<\/td>\n<\/tr>\n<tr>\n<td colspan=\"4\">[\u53c3\u8003\u8cc7\u6599:]<\/p>\n<p>1. <a class=\"m_7096104811191927264moz-txt-link-freetext\" href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2019-18\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2019-18\/&amp;source=gmail&amp;ust=1561606938108000&amp;usg=AFQjCNFJ6nQCbyh17rXFHiFQuSuBLhCYkg\">https:\/\/www.mozilla.org\/en-US\/<wbr><\/wbr>security\/advisories\/mfsa2019-<wbr><\/wbr>18\/<\/a><\/p>\n<p>2. <a class=\"m_7096104811191927264moz-txt-link-freetext\" href=\"https:\/\/thehackernews.com\/2019\/06\/mozilla-firefox-patch-update.html\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/thehackernews.com\/2019\/06\/mozilla-firefox-patch-update.html&amp;source=gmail&amp;ust=1561606938108000&amp;usg=AFQjCNHpbmwNbE5LqKaNHFM6CFbo6SE7Gw\">https:\/\/thehackernews.com\/<wbr><\/wbr>2019\/06\/mozilla-firefox-patch-<wbr><\/wbr>update.html<\/a><\/p>\n<p>3. <a class=\"m_7096104811191927264moz-txt-link-freetext\" href=\"https:\/\/www.tenable.com\/blog\/cve-2019-11707-critical-type-confusion-zero-day-in-mozilla-firefox-exploited-in-the-wild\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.tenable.com\/blog\/cve-2019-11707-critical-type-confusion-zero-day-in-mozilla-firefox-exploited-in-the-wild&amp;source=gmail&amp;ust=1561606938108000&amp;usg=AFQjCNGAFETIj1nxAqyHVT4K6JtydpLqGQ\">https:\/\/www.tenable.com\/blog\/<wbr><\/wbr>cve-2019-11707-critical-type-<wbr><\/wbr>confusion-zero-day-in-mozilla-<wbr><\/wbr>firefox-exploited-in-the-wild<\/a><\/p>\n<p>4. <a class=\"m_7096104811191927264moz-txt-link-freetext\" href=\"https:\/\/www.jpcert.or.jp\/at\/2019\/at190027.html\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.jpcert.or.jp\/at\/2019\/at190027.html&amp;source=gmail&amp;ust=1561606938108000&amp;usg=AFQjCNH4Gb1O2XNyNARTXnqUm5U1Cyo8Hg\">https:\/\/www.jpcert.or.jp\/at\/<wbr><\/wbr>2019\/at190027.html<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>\u6559\u80b2\u6a5f\u69cbANA\u901a\u5831\u5e73\u53f0 \u767c\u4f48\u7de8\u865f TACERT-ANA-2019062101063636 \u767c\u4f48\u6642\u9593 2019-06-21 13:31:38 \u4e8b\u6545\u985e\u578b ANA-\u6f0f\u6d1e\u9810\u8b66 \u767c\u73fe\u6642\u9593 2019-06-19 00:00:00 \u5f71\u97ff\u7b49\u7d1a \u9ad8 [\u4e3b\u65e8\u8aaa\u660e:]<\/p>\n<p>\u3010\u6f0f\u6d1e\u9810\u8b66\u3011Firefox\u700f\u89bd\u5668\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e(CVE-2019-11707)\uff0c\u5141\u8a31\u653b\u64ca\u8005\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\uff0c\u8acb\u5118\u901f\u78ba\u8a8d\u4e26\u9032\u884c\u66f4\u65b0 [\u5167\u5bb9\u8aaa\u660e:]<\/p>\n<p>\u8f49\u767c\u570b\u5bb6\u8cc7\u5b89\u8cc7\u8a0a\u5206\u4eab\u8207\u5206\u6790\u4e2d\u5fc3 \u8cc7\u5b89\u8a0a\u606f\u8b66\u8a0a NISAC-ANA-201906-0140<\/p>\n<p>Google Project Zero\u7814\u7a76\u4eba\u54e1\u767c\u73feFirefox\u700f\u89bd\u5668\u4f7f\u7528Array.pop\u51fd\u6578\u8655\u7406JavaScript\u7269\u4ef6\u6642\uff0c\u53ef\u80fd\u5f15\u767c\u985e\u578b\u6df7\u6dc6(Type confusion)\u7684\u5b89\u5168\u6f0f\u6d1e(CVE-2019-11707)\uff0c\u653b\u64ca\u8005\u53ef\u900f\u904e\u8a98\u9a19\u53d7\u5bb3\u8005\u9ede\u64ca\u60e1\u610f\u9023\u7d50\uff0c\u9032\u800c\u9020\u6210\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002 [\u5f71\u97ff\u5e73\u53f0:]<\/p>\n<p>Firefox 67.0.3\u4ee5\u524d\u7248\u672c<\/p>\n<p>Firefox ESR 60.7.1\u4ee5\u524d\u7248\u672c [\u5efa\u8b70\u63aa\u65bd:]<\/p>\n<p>1.\u8acb\u78ba\u8a8d\u700f\u89bd\u5668\u7248\u672c\uff0c\u9ede\u64ca\u700f\u89bd\u5668\u9078\u55ae\u6309\u9215\uff0c\u9ede\u9078\u300c\u8aaa\u660e\u300d&#8211;&gt;\u300c\u95dc\u65bcFirefox\u300d\uff0c\u53ef\u67e5\u770b\u7576\u524d\u4f7f\u7528\u7684Mozilla Firefox\u700f\u89bd\u5668\u662f\u5426\u70ba\u53d7\u5f71\u97ff\u4e4b\u7248\u672c\u3002<\/p>\n<p>2.\u66f4\u65b0\u65b9\u5f0f\u5982\u4e0b\uff1a<\/p>\n<p>(1)\u958b\u555f\u700f\u89bd\u5668\uff0c\u9ede\u64ca\u9078\u55ae\u6309\u9215\uff0c\u9ede\u9078\u300c\u8aaa\u660e\u300d&#8211;&gt;\u300c\u95dc\u65bcFirefox\u300d\uff0c\u700f\u89bd\u5668\u5c07\u57f7\u884c\u7248\u672c\u6aa2\u67e5\u8207\u66f4\u65b0\u3002<\/p>\n<p>(2)\u9ede\u64ca\u300c\u91cd\u65b0\u555f\u52d5\u4ee5\u66f4\u65b0Firefox\u300d\u5b8c\u6210\u66f4\u65b0\u3002<\/p>\n<p>3.\u4fdd\u6301\u826f\u597d\u4f7f\u7528\u7fd2\u6163\uff0c\u8acb\u52ff\u9ede\u64ca\u4f86\u8def\u4e0d\u660e\u7684\u7db2\u5740\u9023\u7d50\u3002 [\u53c3\u8003\u8cc7\u6599:]<\/p>\n<p>1. https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2019-18\/<\/p>\n<p>2. https:\/\/thehackernews.com\/2019\/06\/mozilla-firefox-patch-update.html<\/p>\n<p>3. https:\/\/www.tenable.com\/blog\/cve-2019-11707-critical-type-confusion-zero-day-in-mozilla-firefox-exploited-in-the-wild<\/p>\n<p>4. https:\/\/www.jpcert.or.jp\/at\/2019\/at190027.html [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/13530"}],"collection":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/comments?post=13530"}],"version-history":[{"count":0,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/13530\/revisions"}],"wp:attachment":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/media?parent=13530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/categories?post=13530"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/tags?post=13530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}