Alert GCSA-10125 - Vulnerabilita' in Mozilla Firefox 3.6.x
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10125
Data : 10 settembre 2010
Titolo : Vulnerabilita' in Mozilla Firefox 3.6.x
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione di Mozilla Firefox
serie 3.6.x con nuove funzionalita' e vari aggiornamenti
relativi alla sicurezza.
E' stata rilasciata anche una nuova versione di Firefox
serie 3.5.x ma viene comunque suggerito di passare alla 3.6 .
http://www.mozilla.com/en-US/firefox/all-older.html
:: Software interessato
Firefox versioni precedenti alla 3.6.9
Firefox versioni precedenti alla 3.5.12
:: Impatto
Esecuzione remota di codice arbitrario
Cross Site Scripting
Bypass dei controlli di sicurezza
Compromissione del sistema
Esposizione di informazioni sensibili
Denial of Service
:: Soluzione
Aggiornare Firefox alla versione 3.6.9
http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/firefox/
Aggiornare Firefox alla versione 3.5.12
http://www.mozilla.com/en-US/firefox/3.5.12/releasenotes/
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760
Secunia
http://secunia.com/advisories/41297/
Vupen Security
http://www.vupen.com/english/advisories/2010/2323
Red Hat Support
https://rhn.redhat.com/errata/RHSA-2010-0681.html
Debian
http://lists.debian.org/debian-security-announce/2010/msg00153.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTInvRvOB+SpikaiRAQLJ+gQAzSn8XmDM7iyJsyZBIy2LNM0TxiTm/et/
SJSlUFmg0J7Q6v9+nRfScSAQWhq+aysTIU+itsYE+znyDKhhtkvU1b/ejs+joS4A
ObXnF80sGjlhuGUK1SVnogO8jybleBTGteZt/vL9pVmtOmpbILMQb26BunZu0PiW
YyaaDj2ULVs=
=JFHB
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10125
Data : 10 settembre 2010
Titolo : Vulnerabilita' in Mozilla Firefox 3.6.x
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione di Mozilla Firefox
serie 3.6.x con nuove funzionalita' e vari aggiornamenti
relativi alla sicurezza.
E' stata rilasciata anche una nuova versione di Firefox
serie 3.5.x ma viene comunque suggerito di passare alla 3.6 .
http://www.mozilla.com/en-US/firefox/all-older.html
:: Software interessato
Firefox versioni precedenti alla 3.6.9
Firefox versioni precedenti alla 3.5.12
:: Impatto
Esecuzione remota di codice arbitrario
Cross Site Scripting
Bypass dei controlli di sicurezza
Compromissione del sistema
Esposizione di informazioni sensibili
Denial of Service
:: Soluzione
Aggiornare Firefox alla versione 3.6.9
http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/firefox/
Aggiornare Firefox alla versione 3.5.12
http://www.mozilla.com/en-US/firefox/3.5.12/releasenotes/
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760
Secunia
http://secunia.com/advisories/41297/
Vupen Security
http://www.vupen.com/english/advisories/2010/2323
Red Hat Support
https://rhn.redhat.com/errata/RHSA-2010-0681.html
Debian
http://lists.debian.org/debian-security-announce/2010/msg00153.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTInvRvOB+SpikaiRAQLJ+gQAzSn8XmDM7iyJsyZBIy2LNM0TxiTm/et/
SJSlUFmg0J7Q6v9+nRfScSAQWhq+aysTIU+itsYE+znyDKhhtkvU1b/ejs+joS4A
ObXnF80sGjlhuGUK1SVnogO8jybleBTGteZt/vL9pVmtOmpbILMQb26BunZu0PiW
YyaaDj2ULVs=
=JFHB
-----END PGP SIGNATURE-----