Alert GCSA-10126 - Vulnerabilita' in Mozilla Thunderbird 3.1.x
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10126
Data : 10 settembre 2010
Titolo : Vulnerabilita' in Mozilla Thunderbird 3.1.x
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione di Mozilla Thunderbird
con aggiornamenti relativi alla stabilita' e alla sicurezza.
E' stata rilasciata anche una nuova versione per la serie 3.0.x
ma viene comunque suggerito di passare alla serie 3.1 .
http://www.mozilla.com/en-US/thunderbird/all-older.html
:: Software interessato
Thunderbird versioni precedenti alla 3.1.3
Thunderbird versioni precedenti alla 3.0.7
:: Impatto
Esecuzione remota di codice arbitrario
Cross Site Scripting
Bypass dei controlli di sicurezza
Compromissione del sistema
Esposizione di informazioni sensibili
Denial of Service
:: Soluzione
Aggiornare Thunderbird alla versione 3.1.3
http://www.mozillamessaging.com/en-US/thunderbird/3.1.3/releasenotes/
http://www.mozillamessaging.com/it/thunderbird/
http://www.mozillamessaging.com/en-US/thunderbird/all.html
Aggiornare Thunderbird alla versione 3.0.7
http://www.mozilla.com/en-US/thunderbird/all-older.html
http://www.mozillamessaging.com/en-US/thunderbird/3.0.7/releasenotes/
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html#thunderbird3.0.7
http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html#thunderbird3.1.3
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760
Secunia
http://secunia.com/advisories/41304/
Vupen Security
http://www.vupen.com/english/advisories/2010/2323
Ubuntu
http://www.ubuntu.com/usn/usn-978-1
Red Hat Support
https://rhn.redhat.com/errata/RHSA-2010-0682.html
Debian
http://lists.debian.org/debian-security-announce/2010/msg00153.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTIn2ffOB+SpikaiRAQLHWQQAtQgPox35/am3QaDnlix7oee2H0SHSx07
WKdsZNUfeGWlRQ9dLPVDkZiyLdIPOL9UQa9F7mjm8xQ9O/lXgiI7xbWRhYB2KtSt
IJevacDEXR2OqcNAXG7rraSnmz/QJNxs3Kody8WJ+qblqw2BE8AtgaV4o5KYXoZN
l10vM31eF8c=
=8yIa
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10126
Data : 10 settembre 2010
Titolo : Vulnerabilita' in Mozilla Thunderbird 3.1.x
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione di Mozilla Thunderbird
con aggiornamenti relativi alla stabilita' e alla sicurezza.
E' stata rilasciata anche una nuova versione per la serie 3.0.x
ma viene comunque suggerito di passare alla serie 3.1 .
http://www.mozilla.com/en-US/thunderbird/all-older.html
:: Software interessato
Thunderbird versioni precedenti alla 3.1.3
Thunderbird versioni precedenti alla 3.0.7
:: Impatto
Esecuzione remota di codice arbitrario
Cross Site Scripting
Bypass dei controlli di sicurezza
Compromissione del sistema
Esposizione di informazioni sensibili
Denial of Service
:: Soluzione
Aggiornare Thunderbird alla versione 3.1.3
http://www.mozillamessaging.com/en-US/thunderbird/3.1.3/releasenotes/
http://www.mozillamessaging.com/it/thunderbird/
http://www.mozillamessaging.com/en-US/thunderbird/all.html
Aggiornare Thunderbird alla versione 3.0.7
http://www.mozilla.com/en-US/thunderbird/all-older.html
http://www.mozillamessaging.com/en-US/thunderbird/3.0.7/releasenotes/
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html#thunderbird3.0.7
http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html#thunderbird3.1.3
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760
Secunia
http://secunia.com/advisories/41304/
Vupen Security
http://www.vupen.com/english/advisories/2010/2323
Ubuntu
http://www.ubuntu.com/usn/usn-978-1
Red Hat Support
https://rhn.redhat.com/errata/RHSA-2010-0682.html
Debian
http://lists.debian.org/debian-security-announce/2010/msg00153.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTIn2ffOB+SpikaiRAQLHWQQAtQgPox35/am3QaDnlix7oee2H0SHSx07
WKdsZNUfeGWlRQ9dLPVDkZiyLdIPOL9UQa9F7mjm8xQ9O/lXgiI7xbWRhYB2KtSt
IJevacDEXR2OqcNAXG7rraSnmz/QJNxs3Kody8WJ+qblqw2BE8AtgaV4o5KYXoZN
l10vM31eF8c=
=8yIa
-----END PGP SIGNATURE-----