Alert GCSA-16033 - Vulnerabilita' multiple in Mozilla Firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-16033
Data: 3 Agosto 2016
Titolo: Vulnerabilita' multiple in Mozilla Firefox
******************************************************************
:: Descrizione del problema
Sono state riscontrate varie vulnerabilita' in Mozilla Firefox sfruttando le quali un utente remoto puo' eseguire codice arbitrario sul sistema utente
che ne sia affetto.
Un utente locale potrebbe ottenere privilegi elevati, mentre un utente remoto potrebbe oltrepassare i controlli di sicurezza, ottenere informazioni
sensibili, falsificare contenuti e modificare file.
Per una descrizione completa delle vulnerabilita' consultare le segnalazioni ufficiali.
:: Software interessato
Mozilla Firefox e Firefox ESR versioni precedenti la 48 e 45.3
:: Impatto
Rivelazione di informazioni utente e di sistema
Modifica di informazioni utente e di sistema
Esecuzione di codice arbitrario
Accesso utente via sistema locale o via rete
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni:
Firefox 48
Firefox ESR 45.3
:: Riferimenti
Mozilla Foundation Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
Security Tracker
http://www.securitytracker.com/id/1036508
I riferimenti CVE sono disponibili
nelle segnalazioni originali.
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFXoevdwZxMk2USYEIRAm6kAKCgwjyLedgraeCMHPUBUn5QqVjqSgCfSWut
VgECk0h1XcKRcWsaEXfxKDU=
=6qra
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-16033
Data: 3 Agosto 2016
Titolo: Vulnerabilita' multiple in Mozilla Firefox
******************************************************************
:: Descrizione del problema
Sono state riscontrate varie vulnerabilita' in Mozilla Firefox sfruttando le quali un utente remoto puo' eseguire codice arbitrario sul sistema utente
che ne sia affetto.
Un utente locale potrebbe ottenere privilegi elevati, mentre un utente remoto potrebbe oltrepassare i controlli di sicurezza, ottenere informazioni
sensibili, falsificare contenuti e modificare file.
Per una descrizione completa delle vulnerabilita' consultare le segnalazioni ufficiali.
:: Software interessato
Mozilla Firefox e Firefox ESR versioni precedenti la 48 e 45.3
:: Impatto
Rivelazione di informazioni utente e di sistema
Modifica di informazioni utente e di sistema
Esecuzione di codice arbitrario
Accesso utente via sistema locale o via rete
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni:
Firefox 48
Firefox ESR 45.3
:: Riferimenti
Mozilla Foundation Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
Security Tracker
http://www.securitytracker.com/id/1036508
I riferimenti CVE sono disponibili
nelle segnalazioni originali.
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFXoevdwZxMk2USYEIRAm6kAKCgwjyLedgraeCMHPUBUn5QqVjqSgCfSWut
VgECk0h1XcKRcWsaEXfxKDU=
=6qra
-----END PGP SIGNATURE-----