Alert GCSA-21122 - Aggiornamento di sicurezza per prodotti Mozilla

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1






******************************************************************

Alert ID: GCSA-21122
Data: 4 Novembre 2021
Titolo: Aggiornamento di sicurezza per prodotti Mozilla

******************************************************************

:: Descrizione del problema

Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e Thunderbird con le quali risolve vulnerabilita' multiple.

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Firefox versioni precedenti alla 94
Firefox ESR versioni precedenti alla 91.3
Thunderbird versioni precedenti alla 91.3


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Denial of Service
Spoofing


:: Soluzioni

Aggiornare i prodotti Mozilla alle ultime versioni
Firefox 94
Firefox ESR 91.3
Thunderbird 91.3

https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
https://www.mozilla.org/en-US/firefox/organizations/
https://support.mozilla.org/en-US/kb/update-firefox-latest-release


:: Riferimenti

Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/

CSIRT Italia
https://csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-mozilla-firefox-al01-211103-csirt-ita

US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/mozilla-releases-security-updates-firefox-firefox-esr-and

CIS - Center of Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-firefox-could-allow-for-arbitrary-code-execution_2021-142/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38510




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert





-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYYPfEgAKCRDBnEyTZRJg
Qm9uAJ9TqJCnzUaKYt40GCUuWtd8GWqJPwCcDBjiU49iMqZncyih5yY+ruTFbCo=
=xZ4m
-----END PGP SIGNATURE-----