Alert GCSA-12050 - Vulnerabilities in Mozilla products
******************************************************************
Alert ID : GCSA-12050
Date : 29 August 2012
Title : Vulnerabilities in Mozilla products
******************************************************************
:: Problem description
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird and SeaMonkey that could be exploited by remote
and local attackers to conduct spoofing and cross-site scripting
attacks, obtain sensitive information, bypass certain security
restrictions and compromise an affected system.
:: Affected software
Mozilla SeaMonkey versions prior to 2.12
Mozilla Firefox versions prior to 15
Mozilla Thunderbird versions prior to 15
:: Impact
Remote arbitrary code execution
System access
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
:: Solutions
Update Mozilla Firefox to version 15
http://www.mozilla.com/firefox/
Update Mozilla Thunderbird to version 15
http://www.mozilla.org/thunderbird/
Update Mozilla SeaMonkey to version 2.12
http://www.seamonkey-project.org/
:: References
Mozilla Security Advisory
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.mozilla.org/en-US/firefox/15.0/releasenotes/buglist.html
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
http://www.mozilla.org/security/announce/2012/mfsa2012-60.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-64.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-66.html
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
http://www.mozilla.org/security/announce/2012/mfsa2012-68.html
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2012-1210.html
https://rhn.redhat.com/errata/RHSA-2012-1211.html
Mandriva Linux Security Advisory
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:145
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:146
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:147