Alert GCSA-14043 - Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14043
Data: 5 Dicembre 2014
Titolo: Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
Firefox e Thunderbird che risolvono varie vulnerabilita'
potenzialmente sfruttabili da aggressori remoti e locali
per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 34.0
Thunderbird versioni precedenti alla 31.3
:: Impatto
Denial of service
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Modifica di informazioni di sistema
:: Soluzioni
Aggiornare Firefox alla versione 34.0
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 31.3
http://www.mozilla.org/it/thunderbird/
:: Riferimenti
Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/
https://www.mozilla.org/en-US/firefox/34.0/releasenotes/
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-85/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-87/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-88/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-89/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-90/
SecurityTracker
http://www.securitytracker.com/id/1031286
http://www.securitytracker.com/id/1031287
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8632
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlSBkxMACgkQwZxMk2USYELY5QCgsAK2bN6O4CD8xMtKD33rzOT+
2KAAoNBjTKUu83H75Y/mgnxc3jtPeKqS
=v5yS
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14043
Data: 5 Dicembre 2014
Titolo: Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
Firefox e Thunderbird che risolvono varie vulnerabilita'
potenzialmente sfruttabili da aggressori remoti e locali
per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 34.0
Thunderbird versioni precedenti alla 31.3
:: Impatto
Denial of service
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Modifica di informazioni di sistema
:: Soluzioni
Aggiornare Firefox alla versione 34.0
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 31.3
http://www.mozilla.org/it/thunderbird/
:: Riferimenti
Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/
https://www.mozilla.org/en-US/firefox/34.0/releasenotes/
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-85/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-87/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-88/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-89/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-90/
SecurityTracker
http://www.securitytracker.com/id/1031286
http://www.securitytracker.com/id/1031287
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8632
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlSBkxMACgkQwZxMk2USYELY5QCgsAK2bN6O4CD8xMtKD33rzOT+
2KAAoNBjTKUu83H75Y/mgnxc3jtPeKqS
=v5yS
-----END PGP SIGNATURE-----