Alert GCSA-10031 - Multiple vulnerabilities in Mozilla products
******************************************************************
Alert ID : GCSA-10031
Date : 24 March 2010
Title : Multiple vulnerabilities in Mozilla products
******************************************************************
:: Problem description
Several vulnerabilities have been identified in the Mozilla products
Firefox, Thunderbird and SeaMonkey which, if exploited, could
allow a remote attacker to manipulate and disclose
information, bypass security restrictions or compromise
a vulnerable system.
:: Affected software
Mozilla Firefox versions prior to 3.6.2
Mozilla Firefox versions prior to 3.5.8
Mozilla Firefox versions prior to 3.0.18
Mozilla Thunderbird versions prior to 3.0.2
Mozilla SeaMonkey versions prior to 2.0.3
:: Impact
Remote execution of arbitrary code
System compromise
Security bypass
Cross-site scripting attacks
Possibility of conducting phishing attacks
:: Solutions
Upgrade Mozilla Firefox to version 3.6.2, 3.5.8 or 3.0.18 :
http://www.mozilla.com/firefox/
Upgrade Mozilla Thunderbird to version 3.0.2 :
http://www.mozilla.com/thunderbird
Upgrade Mozilla SeaMonkey to version 2.0.3 :
http://www.mozilla.org/projects/seamonkey/
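
A way to check a software inventory against the fixed releases listed above, as an added example that is not part of the original advisory. The inventory format (host, product, version), the host names and the reading of each Firefox entry as the fix for its own major.minor branch are assumptions.

```python
import re

# Fixed releases as listed in the advisory. Treating each Firefox entry as the
# fix for its own major.minor branch is an assumption of this example.
FIXED = {
    "firefox": [(3, 0, 18), (3, 5, 8), (3, 6, 2)],
    "thunderbird": [(3, 0, 2)],
    "seamonkey": [(2, 0, 3)],
}

def status(product, version):
    """Return 'patched', 'vulnerable', 'unparsed' or 'unknown-product'."""
    fixes = FIXED.get(product.strip().lower())
    if fixes is None:
        return "unknown-product"
    version = version.strip()
    # Betas and nightlies (e.g. '3.6b5') are reported, not guessed at.
    if not re.fullmatch(r"\d+(\.\d+){1,3}", version):
        return "unparsed"
    v = tuple(int(p) for p in version.split("."))
    for fix in fixes:
        if v[:2] == fix[:2]:  # same branch: compare against that branch's fix
            return "patched" if v >= fix else "vulnerable"
    # Branch without a listed fix: only releases newer than every listed fix
    # are taken as patched; older branches have no fixed build to move to.
    return "patched" if v > max(fixes) else "vulnerable"

def hosts_to_update(inventory_lines):
    """Return (host, product, version, status) rows that are not 'patched'."""
    rows = []
    for line in inventory_lines:
        host, product, version = [f.strip() for f in line.split(",")]
        result = status(product, version)
        if result != "patched":
            rows.append((host, product, version, result))
    return rows

# Constructed sample inventory: host, product, version.
SAMPLE = [
    "ws-01, Firefox, 3.6.0",
    "ws-02, Firefox, 3.5.8",
    "ws-03, Thunderbird, 2.0.0.24",
    "ws-04, SeaMonkey, 2.0.3",
    "ws-05, Firefox, 3.6b5",
]

if __name__ == "__main__":
    for row in hosts_to_update(SAMPLE):
        print(*row)
```
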
:: References
Mozilla:
http://www.mozilla.org/security/announce/2010/mfsa2010-09.html
http://www.mozilla.org/security/announce/2010/mfsa2010-10.html
http://www.mozilla.org/security/announce/2010/mfsa2010-11.html
http://www.mozilla.org/security/announce/2010/mfsa2010-12.html
http://www.mozilla.org/security/announce/2010/mfsa2010-13.html
http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
http://www.mozilla.org/security/announce/2010/mfsa2010-08.html
VuPen:
http://www.vupen.com/english/advisories/2010/0692
http://www.vupen.com/english/advisories/2010/0684
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028