Alert GCSA-08030 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-08030
Data : 26 Marzo 2008
Titolo : Vulnerabilita' nei prodotti Mozilla
*****************************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple nei prodotti Mozilla Firefox,
Thunderbird e Seamonkey che potrebbero essere sfruttate per compromettere
un sistema che ne sia affetto, fino ad ottenerne il controllo completo.
:: Piattaforme e Software interessati
Firefox versioni precedenti la 2.0.0.13
Thunderbird versioni precedenti la 2.0.0.13
SeaMonkey versioni precedenti la 1.1.9
:: Impatto
Security Bypass
Cross-site scripting attacks
Phishing attacks
Spoofing
Exposure of sensitive information
:: Soluzione
Aggiornare Firefox alla versione 2.0.0.13
http://www.mozilla.com/en-US/firefox/
Aggiornare Thunderbird alla versione 2.0.0.13 (Disponibile a breve)
http://www.mozilla.com/en-US/thunderbird/
Aggiornare SeaMonkey alla versione 1.1.9
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Foundation Security Advisory
http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
http://www.mozilla.org/security/announce/2008/mfsa2008-15.html
http://www.mozilla.org/security/announce/2008/mfsa2008-16.html
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
Secunia:
http://secunia.com/advisories/29526/
http://secunia.com/advisories/29547/
http://secunia.com/advisories/29548/
FrSirt:
http://www.frsirt.com/english/advisories/2008/0998
http://www.frsirt.com/english/advisories/2008/0999
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR+ph+vOB+SpikaiRAQIlNgP/XMAMl7AWW47QJWpdSPzezi1gHE8spO4Y
uvmko4lgAKqGcYF0p7/NEwrviley1oR6Qs8IVXc+BhN35mF07m+QmFjXpWMdRRZc
5ss5n/FFawbfJN9f/KF8yL0SLmaF5pZXjTrI/kOJhRYTpVVxeo0o+bmIXbjBCqe7
cmkUlho3+PQ=
=n4tX
-----END PGP SIGNATURE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-08030
Data : 26 Marzo 2008
Titolo : Vulnerabilita' nei prodotti Mozilla
*****************************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple nei prodotti Mozilla Firefox,
Thunderbird e Seamonkey che potrebbero essere sfruttate per compromettere
un sistema che ne sia affetto, fino ad ottenerne il controllo completo.
:: Piattaforme e Software interessati
Firefox versioni precedenti la 2.0.0.13
Thunderbird versioni precedenti la 2.0.0.13
SeaMonkey versioni precedenti la 1.1.9
:: Impatto
Security Bypass
Cross-site scripting attacks
Phishing attacks
Spoofing
Exposure of sensitive information
:: Soluzione
Aggiornare Firefox alla versione 2.0.0.13
http://www.mozilla.com/en-US/firefox/
Aggiornare Thunderbird alla versione 2.0.0.13 (Disponibile a breve)
http://www.mozilla.com/en-US/thunderbird/
Aggiornare SeaMonkey alla versione 1.1.9
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Foundation Security Advisory
http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
http://www.mozilla.org/security/announce/2008/mfsa2008-15.html
http://www.mozilla.org/security/announce/2008/mfsa2008-16.html
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
Secunia:
http://secunia.com/advisories/29526/
http://secunia.com/advisories/29547/
http://secunia.com/advisories/29548/
FrSirt:
http://www.frsirt.com/english/advisories/2008/0998
http://www.frsirt.com/english/advisories/2008/0999
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR+ph+vOB+SpikaiRAQIlNgP/XMAMl7AWW47QJWpdSPzezi1gHE8spO4Y
uvmko4lgAKqGcYF0p7/NEwrviley1oR6Qs8IVXc+BhN35mF07m+QmFjXpWMdRRZc
5ss5n/FFawbfJN9f/KF8yL0SLmaF5pZXjTrI/kOJhRYTpVVxeo0o+bmIXbjBCqe7
cmkUlho3+PQ=
=n4tX
-----END PGP SIGNATURE-----