Alert GCSA-09060 - Vulnerabilities in Mozilla products
*****************************************************************************
Alert ID : GCSA-09060
Date : 24 July 2009
Title : Vulnerabilities in Mozilla products
*****************************************************************************
:: Problem description:
Mozilla has published a security advisory concerning several
vulnerabilities in the Firefox and Thunderbird products.
:: Affected platforms and software:
Mozilla Firefox versions prior to 3.5.1
Mozilla Thunderbird versions up to 2.0.0.22
:: Impact:
Bypass of security controls
System compromise
Cross Site Scripting
:: Solution:
Update Firefox to version 3.5.1
http://www.mozilla.com/en-US/firefox/
Update to Thunderbird 2.0.0.23 (not yet available)
http://www.mozilla.com/en-US/thunderbird/
The vendor recommends disabling JavaScript until a non-vulnerable
version is available.
:: References:
Known Vulnerabilities in Mozilla Products
http://www.mozilla.org/security/known-vulnerabilities/
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
http://www.mozilla.org/security/announce/2009/mfsa2009-40.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472
Secunia
http://secunia.com/advisories/35914
http://secunia.com/advisories/35943
VUPEN (formerly FrSIRT)
http://www.vupen.com/english/advisories/2009/1972