Alert GCSA-17051 - Vulnerabilita' nei prodotti Mozilla (Thunderbird)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-17051
Data: 13 Agosto 2017
Titolo: Vulnerabilita' nei prodotti Mozilla (Thunderbird)
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione del browser Mozilla Thunderbird
che risolve varie vulnerabilita' potenzialmente sfruttabili da
aggressori per condurre attacchi.
:: Software interessato
Thunderbird versioni precedenti alla 52.3
:: Impatto
Esecuzione di codice arbitrario
Denial of service
Accesso ad informazioni sensibili
Attacchi di tipo cross-site scripting
Bypass dei controlli di sicurezza
:: Soluzioni
Aggiornare Thunderbird all'ultima versione
https://www.mozilla.org/it/thunderbird/new/
:: Riferimenti
Mozilla Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2017/08/21/Mozilla-Releases-Security-Update
Riferimenti CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlmdVzcACgkQwZxMk2USYEKwrACeNOsO9Zg+YkPaL/QVNFuaHBuX
vfkAoIA3GWk1oeyzFiRQr65jJhe6Mspa
=XY88
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-17051
Data: 13 Agosto 2017
Titolo: Vulnerabilita' nei prodotti Mozilla (Thunderbird)
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione del browser Mozilla Thunderbird
che risolve varie vulnerabilita' potenzialmente sfruttabili da
aggressori per condurre attacchi.
:: Software interessato
Thunderbird versioni precedenti alla 52.3
:: Impatto
Esecuzione di codice arbitrario
Denial of service
Accesso ad informazioni sensibili
Attacchi di tipo cross-site scripting
Bypass dei controlli di sicurezza
:: Soluzioni
Aggiornare Thunderbird all'ultima versione
https://www.mozilla.org/it/thunderbird/new/
:: Riferimenti
Mozilla Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2017/08/21/Mozilla-Releases-Security-Update
Riferimenti CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlmdVzcACgkQwZxMk2USYEKwrACeNOsO9Zg+YkPaL/QVNFuaHBuX
vfkAoIA3GWk1oeyzFiRQr65jJhe6Mspa
=XY88
-----END PGP SIGNATURE-----