Alert GCSA-09007 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-09007
Data : 05 Febbraio 2009
Titolo : Vulnerabilita' nei prodotti Mozilla
*****************************************************************************
:: Descrizione del problema
Mozilla ha pubblicato un security advisory relativo a varie
vulnerabilita' presenti nei prodotti Firefox, Thunderbird e SeaMonkey.
:: Piattaforme e Software interessati
Mozilla Firefox versioni 3.0.5 e precedenti
Mozilla SeaMonkey versioni 1.1.14 e precedenti
Mozilla Thunderbird versioni 2.0.0.20 e precedenti
:: Impatto
Esecuzione remota di codice arbitrario
Bypass dei controlli di sicurezza
Compromissione del sistema
Cross Site Scripting
Denial of Service
Esposizione di informazioni sensibili
:: Soluzione
Aggiornare Firefox alla versione 3.0.6
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/firefox/
Aggiornare a Thunderbird 2.0.0.21 (non ancora disponibile)
http://www.mozilla.com/en-US/thunderbird/
Aggiornare SeaMonkey alla versione 1.1.15
http://www.seamonkey-project.org/releases/
:: Riferimenti
Known Vulnerabilities in Mozilla Products
http://www.mozilla.org/security/known-vulnerabilities/
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
http://www.mozilla.org/security/announce/2009/mfsa2009-04.html
http://www.mozilla.org/security/announce/2009/mfsa2009-05.html
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/33598
Secunia
http://secunia.com/advisories/33799/
http://secunia.com/advisories/33802/
http://secunia.com/advisories/33808/
Vupen (ex FrSIRT)
http://www.vupen.com/english/advisories/2009/0313
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSYq6IvOB+SpikaiRAQIn6QP7Bwdc+bd7I0oLgnS9nrF9by64oxEzTSJH
yKP7mcY3rOVqQO9bWmgVzjQGk0K7APp+FdfDELUVB1a5kX2ggk2JDu0A2TwUO/51
Fpj0rUR1XYa6ZStHHSaw1mwgNbn/MSkn8+HH6Y75hybyJiOED/7Ihw+ZMYhq9Ltq
wia8F8zQdvw=
=MGNs
-----END PGP SIGNATURE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-09007
Data : 05 Febbraio 2009
Titolo : Vulnerabilita' nei prodotti Mozilla
*****************************************************************************
:: Descrizione del problema
Mozilla ha pubblicato un security advisory relativo a varie
vulnerabilita' presenti nei prodotti Firefox, Thunderbird e SeaMonkey.
:: Piattaforme e Software interessati
Mozilla Firefox versioni 3.0.5 e precedenti
Mozilla SeaMonkey versioni 1.1.14 e precedenti
Mozilla Thunderbird versioni 2.0.0.20 e precedenti
:: Impatto
Esecuzione remota di codice arbitrario
Bypass dei controlli di sicurezza
Compromissione del sistema
Cross Site Scripting
Denial of Service
Esposizione di informazioni sensibili
:: Soluzione
Aggiornare Firefox alla versione 3.0.6
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/firefox/
Aggiornare a Thunderbird 2.0.0.21 (non ancora disponibile)
http://www.mozilla.com/en-US/thunderbird/
Aggiornare SeaMonkey alla versione 1.1.15
http://www.seamonkey-project.org/releases/
:: Riferimenti
Known Vulnerabilities in Mozilla Products
http://www.mozilla.org/security/known-vulnerabilities/
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
http://www.mozilla.org/security/announce/2009/mfsa2009-04.html
http://www.mozilla.org/security/announce/2009/mfsa2009-05.html
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/33598
Secunia
http://secunia.com/advisories/33799/
http://secunia.com/advisories/33802/
http://secunia.com/advisories/33808/
Vupen (ex FrSIRT)
http://www.vupen.com/english/advisories/2009/0313
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSYq6IvOB+SpikaiRAQIn6QP7Bwdc+bd7I0oLgnS9nrF9by64oxEzTSJH
yKP7mcY3rOVqQO9bWmgVzjQGk0K7APp+FdfDELUVB1a5kX2ggk2JDu0A2TwUO/51
Fpj0rUR1XYa6ZStHHSaw1mwgNbn/MSkn8+HH6Y75hybyJiOED/7Ihw+ZMYhq9Ltq
wia8F8zQdvw=
=MGNs
-----END PGP SIGNATURE-----