Alert GCSA-13024 - Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird, seamonkey)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13024
Data : 04 Aprile 2013
Titolo : Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird, seamonkey)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
che risolvono varie vulnerabilita' presenti in Firefox, Thunderbird
e seamonkey. Tali vulnerabilita' potrebbero essere sfruttate
da remoto o in locale per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 20
Thunderbird versioni precedenti alla 17.0.5
Seamonkey versioni precedenti alla 2.17
:: Impatto
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Security Bypass
Cross Site Scripting
Spoofing
Esposizione di dati sensibili
Denial of service
:: Soluzioni
Aggiornare Firefox alla versione 20
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 17.0.5
http://www.mozilla.org/it/thunderbird/
Aggiornare Seamonkey alla versione 2.17
http://www.seamonkey-project.org/releases/2.17
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
http://www.mozilla.org/en-US/firefox/20.0/releasenotes/buglist.html
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html
http://www.mozilla.org/security/announce/2013/mfsa2013-32.html
http://www.mozilla.org/security/announce/2013/mfsa2013-33.html
http://www.mozilla.org/security/announce/2013/mfsa2013-34.html
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html
http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
http://www.mozilla.org/security/announce/2013/mfsa2013-38.html
http://www.mozilla.org/security/announce/2013/mfsa2013-39.html
http://www.mozilla.org/security/announce/2013/mfsa2013-40.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800
SecurityFocus BID
http://www.securityfocus.com/bid/58819
http://www.securityfocus.com/bid/58821
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2013-0696.html
https://rhn.redhat.com/errata/RHSA-2013-0697.html
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFRXZVQwZxMk2USYEIRAkDTAKClQEGRek25MPP+l8eOyvJyatPo2QCghDEU
UeUjFJmtRhqwJOU74qCgiKY=
=3YL5
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13024
Data : 04 Aprile 2013
Titolo : Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird, seamonkey)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
che risolvono varie vulnerabilita' presenti in Firefox, Thunderbird
e seamonkey. Tali vulnerabilita' potrebbero essere sfruttate
da remoto o in locale per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 20
Thunderbird versioni precedenti alla 17.0.5
Seamonkey versioni precedenti alla 2.17
:: Impatto
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Security Bypass
Cross Site Scripting
Spoofing
Esposizione di dati sensibili
Denial of service
:: Soluzioni
Aggiornare Firefox alla versione 20
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 17.0.5
http://www.mozilla.org/it/thunderbird/
Aggiornare Seamonkey alla versione 2.17
http://www.seamonkey-project.org/releases/2.17
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
http://www.mozilla.org/en-US/firefox/20.0/releasenotes/buglist.html
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html
http://www.mozilla.org/security/announce/2013/mfsa2013-32.html
http://www.mozilla.org/security/announce/2013/mfsa2013-33.html
http://www.mozilla.org/security/announce/2013/mfsa2013-34.html
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html
http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
http://www.mozilla.org/security/announce/2013/mfsa2013-38.html
http://www.mozilla.org/security/announce/2013/mfsa2013-39.html
http://www.mozilla.org/security/announce/2013/mfsa2013-40.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800
SecurityFocus BID
http://www.securityfocus.com/bid/58819
http://www.securityfocus.com/bid/58821
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2013-0696.html
https://rhn.redhat.com/errata/RHSA-2013-0697.html
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFRXZVQwZxMk2USYEIRAkDTAKClQEGRek25MPP+l8eOyvJyatPo2QCghDEU
UeUjFJmtRhqwJOU74qCgiKY=
=3YL5
-----END PGP SIGNATURE-----