Alert GCSA-11051 - Vulnerabilita' multiple nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11051
Data : 22 Giugno 2011
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti Mozilla
Firefox e Thunderbird che se sfruttate potrebbero permettere ad un
attaccante remoto di manipolare e divulgare informazioni,
scavalcare le restrizioni di sicurezza o compromettere un sistema
vulnerabile.
:: Software interessato
Mozilla Firefox versioni precedenti alla 3.6.18
Mozilla Firefox versioni precedenti alla 5
Mozilla Thunderbird versioni precedenti alla 3.1.11
:: Impatto
Esecuzione remota di codice arbitrario
Security Bypass
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.18 o 5:
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 3.1.11 :
http://www.mozilla.com/thunderbird
:: Riferimenti
Mozilla Foundation Security Advisory
http://www.mozilla.org/security/announce/2011/mfsa2011-19.html
http://www.mozilla.org/security/announce/2011/mfsa2011-20.html
http://www.mozilla.org/security/announce/2011/mfsa2011-21.html
http://www.mozilla.org/security/announce/2011/mfsa2011-22.html
http://www.mozilla.org/security/announce/2011/mfsa2011-23.html
http://www.mozilla.org/security/announce/2011/mfsa2011-24.html
Secunia
http://secunia.com/advisories/44982/
Securityfocus
http://www.securityfocus.com/bid/48372
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-223/
http://www.zerodayinitiative.com/advisories/ZDI-11-224/
http://www.zerodayinitiative.com/advisories/ZDI-11-225/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTgL2IfOB+SpikaiRAQKljgQAjhzg/SRAzF6ndysSIhuFcsMgydz05Sld
uC6xMQPsTLVuO6Yv42nD4Z5yHp1QZi4P5UxYT+8IeEhrEenR4cy+kTannPAF5CPH
NKbyfWY3Grfv85zrF9bJ09e91qstxUlyujqp7FUDzCoP1mo03dpNLKCKdLvXlqw9
g0oRm4PsKoo=
=upcD
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11051
Data : 22 Giugno 2011
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti Mozilla
Firefox e Thunderbird che se sfruttate potrebbero permettere ad un
attaccante remoto di manipolare e divulgare informazioni,
scavalcare le restrizioni di sicurezza o compromettere un sistema
vulnerabile.
:: Software interessato
Mozilla Firefox versioni precedenti alla 3.6.18
Mozilla Firefox versioni precedenti alla 5
Mozilla Thunderbird versioni precedenti alla 3.1.11
:: Impatto
Esecuzione remota di codice arbitrario
Security Bypass
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.18 o 5:
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 3.1.11 :
http://www.mozilla.com/thunderbird
:: Riferimenti
Mozilla Foundation Security Advisory
http://www.mozilla.org/security/announce/2011/mfsa2011-19.html
http://www.mozilla.org/security/announce/2011/mfsa2011-20.html
http://www.mozilla.org/security/announce/2011/mfsa2011-21.html
http://www.mozilla.org/security/announce/2011/mfsa2011-22.html
http://www.mozilla.org/security/announce/2011/mfsa2011-23.html
http://www.mozilla.org/security/announce/2011/mfsa2011-24.html
Secunia
http://secunia.com/advisories/44982/
Securityfocus
http://www.securityfocus.com/bid/48372
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-223/
http://www.zerodayinitiative.com/advisories/ZDI-11-224/
http://www.zerodayinitiative.com/advisories/ZDI-11-225/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTgL2IfOB+SpikaiRAQKljgQAjhzg/SRAzF6ndysSIhuFcsMgydz05Sld
uC6xMQPsTLVuO6Yv42nD4Z5yHp1QZi4P5UxYT+8IeEhrEenR4cy+kTannPAF5CPH
NKbyfWY3Grfv85zrF9bJ09e91qstxUlyujqp7FUDzCoP1mo03dpNLKCKdLvXlqw9
g0oRm4PsKoo=
=upcD
-----END PGP SIGNATURE-----