Alert GCSA-17060 - Vulnerabilita' nei prodotti Mozilla (Firefox)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-17060
Data: 29 Settembre 2017
Titolo: Vulnerabilita' nei prodotti Mozilla (Firefox)
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione del browser Mozilla Firefox
che risolve varie vulnerabilita' potenzialmente sfruttabili da
aggressori per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 56
Firefox versioni precedenti alla ESR 52.4
:: Impatto
Esecuzione di codice arbitrario
Accesso ad informazioni sensibili
Attacchi di tipo cross-site scripting
Spoofing di URL
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://www.mozilla.org/it/firefox/new/
:: Riferimenti
Mozilla Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2017/09/28/Mozilla-Releases-Security-Updates
SecurityTracker.com
http://www.securitytracker.com/id/1039465
http://www.securitytracker.com/id/1039466
Riferimenti CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7825
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlnOKWsACgkQwZxMk2USYELZ+QCgn6xtzAJWnCov6Vceii7nWJ62
/94AnA3995YHQ1HZp9TpANPVXVA4lc1E
=ByXo
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-17060
Data: 29 Settembre 2017
Titolo: Vulnerabilita' nei prodotti Mozilla (Firefox)
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione del browser Mozilla Firefox
che risolve varie vulnerabilita' potenzialmente sfruttabili da
aggressori per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 56
Firefox versioni precedenti alla ESR 52.4
:: Impatto
Esecuzione di codice arbitrario
Accesso ad informazioni sensibili
Attacchi di tipo cross-site scripting
Spoofing di URL
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://www.mozilla.org/it/firefox/new/
:: Riferimenti
Mozilla Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2017/09/28/Mozilla-Releases-Security-Updates
SecurityTracker.com
http://www.securitytracker.com/id/1039465
http://www.securitytracker.com/id/1039466
Riferimenti CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7825
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlnOKWsACgkQwZxMk2USYELZ+QCgn6xtzAJWnCov6Vceii7nWJ62
/94AnA3995YHQ1HZp9TpANPVXVA4lc1E
=ByXo
-----END PGP SIGNATURE-----