Alert GCSA-15041 - Multiple vulnerabilities in Mozilla Firefox
**********************************************************************
Alert ID: GCSA-15041
Date: 22 September 2015
Title: Multiple vulnerabilities in Mozilla Firefox
**********************************************************************
:: Problem description
Multiple vulnerabilities have been found in Mozilla Firefox through
which: a remote user can create content that, when loaded on the
victim system, can cause arbitrary code execution; a local user can
obtain elevated privileges; a remote user can bypass security
controls; a remote user can obtain potentially sensitive information
on an affected system.
For a complete description of the vulnerabilities, consult the
official advisories.
:: Affected platforms and software
Mozilla Firefox and Firefox ESR versions prior to 41 and 38.3
on Linux, Unix and Windows
:: Impact
Disclosure of sensitive information
Privilege escalation
Remote arbitrary code execution
URL spoofing
Security bypass
:: Solution
Update Mozilla Firefox to versions:
Firefox 41
Firefox ESR 38.3
:: References
Mozilla Foundation Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-99/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-100/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-102/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-103/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-104/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-107/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-108/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/
Security Tracker
http://securitytracker.com/id/1033640
http://securitytracker.com/id/1033641
http://securitytracker.com/id/1033642
Redhat
https://rhn.redhat.com/errata/RHSA-2015-1834.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert