Alert GCSA-08071 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-08071
Data : 16 Luglio 2008
Titolo : Vulnerabilita' nei prodotti Mozilla
*****************************************************************************
:: Descrizione del problema
Sono stati pubblicati due Security Advisory relativi a vulnerabilita'
presenti nei prodotti Mozilla.
Nota: Thunderbird e' vulnerabile solo se JavaScript e' stato abilitato.
Questa opzione e' disabilitata per default.
:: Piattaforme e Software interessati
Firefox versioni precedenti alla 3.0.1
Firefox versioni precedenti alla 2.0.0.16
Thunderbird versioni precedenti alla 2.0.0.16
SeaMonkey versioni precedenti alla 1.1.11
:: Impatto
arbitrary code execution
security restrictions bypass
:: Soluzione
Aggiornare Firefox alla versione 2.0.0.16 o alla 3.0.1
http://www.mozilla.com/en-US/firefox/all-older.html
http://www.mozilla.com/en-US/firefox/
Aggiornare Thunderbird alla versione 2.0.0.16
(non ancora disponibile)
http://www.mozilla.com/en-US/thunderbird/
Aggiornare SeaMonkey alla versione 1.1.11
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933
ZDI
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/29802
http://www.securityfocus.com/bid/30242
Secunia
http://secunia.com/advisories/31120/
http://secunia.com/advisories/31106/
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSH4HDvOB+SpikaiRAQKx3QQAkO8d/Z3kwFfkZB6g3X8gzPtqm7eOCl0k
9mX6t7mrxPyHlmTXEPZFmZhX4CQqoFMSzv2bfKXuuJGIGm+Y0kvQk7uuQLqq5ZbI
xydE+gVeG2eJwr8F0v/VjLVOpzeliGx0O7ZdlXwR4osFstwSjAvqz60vY0VXA7Ji
KITc7kyJ0FU=
=Xtu+
-----END PGP SIGNATURE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-08071
Data : 16 Luglio 2008
Titolo : Vulnerabilita' nei prodotti Mozilla
*****************************************************************************
:: Descrizione del problema
Sono stati pubblicati due Security Advisory relativi a vulnerabilita'
presenti nei prodotti Mozilla.
Nota: Thunderbird e' vulnerabile solo se JavaScript e' stato abilitato.
Questa opzione e' disabilitata per default.
:: Piattaforme e Software interessati
Firefox versioni precedenti alla 3.0.1
Firefox versioni precedenti alla 2.0.0.16
Thunderbird versioni precedenti alla 2.0.0.16
SeaMonkey versioni precedenti alla 1.1.11
:: Impatto
arbitrary code execution
security restrictions bypass
:: Soluzione
Aggiornare Firefox alla versione 2.0.0.16 o alla 3.0.1
http://www.mozilla.com/en-US/firefox/all-older.html
http://www.mozilla.com/en-US/firefox/
Aggiornare Thunderbird alla versione 2.0.0.16
(non ancora disponibile)
http://www.mozilla.com/en-US/thunderbird/
Aggiornare SeaMonkey alla versione 1.1.11
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933
ZDI
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/29802
http://www.securityfocus.com/bid/30242
Secunia
http://secunia.com/advisories/31120/
http://secunia.com/advisories/31106/
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSH4HDvOB+SpikaiRAQKx3QQAkO8d/Z3kwFfkZB6g3X8gzPtqm7eOCl0k
9mX6t7mrxPyHlmTXEPZFmZhX4CQqoFMSzv2bfKXuuJGIGm+Y0kvQk7uuQLqq5ZbI
xydE+gVeG2eJwr8F0v/VjLVOpzeliGx0O7ZdlXwR4osFstwSjAvqz60vY0VXA7Ji
KITc7kyJ0FU=
=Xtu+
-----END PGP SIGNATURE-----