Alert GCSA-15010 - Vulnerabilita- nei prodotti Mozilla (Firefox, Thunderbird)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15010
Data: 26 Febbraio 2015
Titolo: Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
Firefox e Thunderbird che risolvono varie vulnerabilita'
potenzialmente sfruttabili da aggressori remoti e locali
per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 36.0
Thunderbird versioni precedenti alla 31.5
:: Impatto
Denial of service
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Modifica di informazioni di sistema
Escalation di privilegi per utenti locali
:: Soluzioni
Aggiornare Firefox alla versione 36.0
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 31.5
http://www.mozilla.org/it/thunderbird/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html\
SecurityTracker
http://www.securitytracker.com/id/1031791
http://www.securitytracker.com/id/1031792
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlTu/BMACgkQwZxMk2USYEI2yACfclNS1bzRXi7zwy8alaBzbZ3Z
OnMAoKKTBY8JNpJLynHm/lE1Soswhca7
=Qtqw
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15010
Data: 26 Febbraio 2015
Titolo: Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
Firefox e Thunderbird che risolvono varie vulnerabilita'
potenzialmente sfruttabili da aggressori remoti e locali
per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 36.0
Thunderbird versioni precedenti alla 31.5
:: Impatto
Denial of service
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Modifica di informazioni di sistema
Escalation di privilegi per utenti locali
:: Soluzioni
Aggiornare Firefox alla versione 36.0
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 31.5
http://www.mozilla.org/it/thunderbird/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html\
SecurityTracker
http://www.securitytracker.com/id/1031791
http://www.securitytracker.com/id/1031792
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlTu/BMACgkQwZxMk2USYEI2yACfclNS1bzRXi7zwy8alaBzbZ3Z
OnMAoKKTBY8JNpJLynHm/lE1Soswhca7
=Qtqw
-----END PGP SIGNATURE-----