Alert GCSA-10161 - Vulnerabilita' in Mozilla Thunderbird 3.1.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10161
Data : 22 ottobre 2010
Titolo : Vulnerabilita' in Mozilla Thunderbird 3.1.4
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione di Mozilla Thunderbird
con aggiornamenti relativi alla stabilita' e alla sicurezza.
E' stata rilasciata anche una nuova versione per la serie 3.0.x
ma viene comunque suggerito di passare alla serie 3.1 .
:: Software interessato
Thunderbird versioni precedenti alla 3.1.4
Thunderbird versioni precedenti alla 3.0.8
:: Impatto
Bypass dei controlli di sicurezza
Spoofing
Privilege escalation
System access
:: Soluzione
Aggiornare Thunderbird alla versione 3.1.5
http://www.mozillamessaging.com/en-US/thunderbird/3.1.5/releasenotes/
http://www.mozillamessaging.com/it/thunderbird/
http://www.mozillamessaging.com/en-US/thunderbird/all.html
Aggiornare Thunderbird alla versione 3.0.9
http://www.mozilla.com/en-US/thunderbird/all-older.html
http://www.mozillamessaging.com/en-US/thunderbird/3.0.9/releasenotes/
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174
Secunia
http://secunia.com/advisories/41890/
Ubuntu
http://www.ubuntu.com/usn/usn-998-1
Red Hat Support
https://rhn.redhat.com/errata/RHSA-2010-0780.html
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-10-219/
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTMGEiPOB+SpikaiRAQJDtQQAsjS5ffUy/UOMKGY1ixWlJkVM4WZMKq6A
QhHbObmF68kfcXnkvFiZDGWN9knLu9vHpELXhFD7uURO33a4tyAZAGYR5zvAdViT
/zs52j23oql6vx2VClfYWnDX5viSK0fjunCIrCBIYzUFghpuXQJoRlssNzHXYCyp
ZqLXy3a8NY8=
=9Mvt
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10161
Data : 22 ottobre 2010
Titolo : Vulnerabilita' in Mozilla Thunderbird 3.1.4
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione di Mozilla Thunderbird
con aggiornamenti relativi alla stabilita' e alla sicurezza.
E' stata rilasciata anche una nuova versione per la serie 3.0.x
ma viene comunque suggerito di passare alla serie 3.1 .
:: Software interessato
Thunderbird versioni precedenti alla 3.1.4
Thunderbird versioni precedenti alla 3.0.8
:: Impatto
Bypass dei controlli di sicurezza
Spoofing
Privilege escalation
System access
:: Soluzione
Aggiornare Thunderbird alla versione 3.1.5
http://www.mozillamessaging.com/en-US/thunderbird/3.1.5/releasenotes/
http://www.mozillamessaging.com/it/thunderbird/
http://www.mozillamessaging.com/en-US/thunderbird/all.html
Aggiornare Thunderbird alla versione 3.0.9
http://www.mozilla.com/en-US/thunderbird/all-older.html
http://www.mozillamessaging.com/en-US/thunderbird/3.0.9/releasenotes/
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174
Secunia
http://secunia.com/advisories/41890/
Ubuntu
http://www.ubuntu.com/usn/usn-998-1
Red Hat Support
https://rhn.redhat.com/errata/RHSA-2010-0780.html
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-10-219/
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTMGEiPOB+SpikaiRAQJDtQQAsjS5ffUy/UOMKGY1ixWlJkVM4WZMKq6A
QhHbObmF68kfcXnkvFiZDGWN9knLu9vHpELXhFD7uURO33a4tyAZAGYR5zvAdViT
/zs52j23oql6vx2VClfYWnDX5viSK0fjunCIrCBIYzUFghpuXQJoRlssNzHXYCyp
ZqLXy3a8NY8=
=9Mvt
-----END PGP SIGNATURE-----