Alert GCSA-11079 - Vulnerabilita' in Mozilla Firefox e Thunderbird
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11079
Data : 9 Novembre 2011
Titolo : Vulnerabilita' in Mozilla Firefox e Thunderbird
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in Mozilla Firefox e Thunderbird,
che potrebbero essere sfruttate per rivelare informazioni sensibili,
condurre attacchi di tipo cross-site scripting, oltrepassare restrizioni di sicurezza e,
potenzialmente, per compromettere un sistema che ne sia affetto.
Maggiori dettagli sono disponibili nelle segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Mozilla Firefox 3.6.x e 7.x
Mozilla Thunderbird 3.1.x e 7.x
:: Impatto
System access
Security Bypass
Cross Site Scripting
Exposure of sensitive information
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.24 o 8.0 :
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alle versioni 3.1.16 o 8.0 :
http://www.mozilla.org/it/thunderbird/
:: Riferimenti
Mozilla:
http://www.mozilla.org/security/announce/2011/mfsa2011-46.html
http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
http://www.mozilla.org/security/announce/2011/mfsa2011-50.html
http://www.mozilla.org/security/announce/2011/mfsa2011-51.html
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655
Secunia:
http://secunia.com/advisories/46757/
http://secunia.com/advisories/46773/
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTrpZgPOB+SpikaiRAQKjYAP/X0jK1X1LjMk6ayrzWfqCHvjBTsoB3OvM
rf7dUaMNeGqNZ+YHj3eGZSDMhUYGk09yVGfHlfhL4MBYUwKgvwq5n0K+RnVKdXlL
sP03aO1uktwOzxHGMsMgttLrvdPh8OFUo4UxwkWb63x003C+UsUU+Jwe0bQDSi2+
xyQ73QOZsAw=
=fjjn
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11079
Data : 9 Novembre 2011
Titolo : Vulnerabilita' in Mozilla Firefox e Thunderbird
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in Mozilla Firefox e Thunderbird,
che potrebbero essere sfruttate per rivelare informazioni sensibili,
condurre attacchi di tipo cross-site scripting, oltrepassare restrizioni di sicurezza e,
potenzialmente, per compromettere un sistema che ne sia affetto.
Maggiori dettagli sono disponibili nelle segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
Mozilla Firefox 3.6.x e 7.x
Mozilla Thunderbird 3.1.x e 7.x
:: Impatto
System access
Security Bypass
Cross Site Scripting
Exposure of sensitive information
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.24 o 8.0 :
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alle versioni 3.1.16 o 8.0 :
http://www.mozilla.org/it/thunderbird/
:: Riferimenti
Mozilla:
http://www.mozilla.org/security/announce/2011/mfsa2011-46.html
http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
http://www.mozilla.org/security/announce/2011/mfsa2011-50.html
http://www.mozilla.org/security/announce/2011/mfsa2011-51.html
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655
Secunia:
http://secunia.com/advisories/46757/
http://secunia.com/advisories/46773/
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTrpZgPOB+SpikaiRAQKjYAP/X0jK1X1LjMk6ayrzWfqCHvjBTsoB3OvM
rf7dUaMNeGqNZ+YHj3eGZSDMhUYGk09yVGfHlfhL4MBYUwKgvwq5n0K+RnVKdXlL
sP03aO1uktwOzxHGMsMgttLrvdPh8OFUo4UxwkWb63x003C+UsUU+Jwe0bQDSi2+
xyQ73QOZsAw=
=fjjn
-----END PGP SIGNATURE-----