Alert GCSA-08116 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-08116
Data : 14 Novembre 2008
Titolo : Vulnerabilita' nei prodotti Mozilla
*****************************************************************************
:: Descrizione del problema
Sono stati pubblicati Security Advisory relativi a vulnerabilita'
presenti nei prodotti Mozilla.
Nota: Thunderbird e' vulnerabile solo se JavaScript e' stato
abilitato. Questa opzione e' disabilitata per default.
:: Piattaforme e Software interessati
Firefox versioni precedenti alla 3.0.4
Thunderbird versioni precedenti alla 2.0.0.18
SeaMonkey versioni precedenti alla 1.1.13
:: Impatto
Esecuzione remota di codice arbitrario
Bypass dei controlli di sicurezza
Compromissione del sistema
Esposizione di informazioni sensibili
Esposizione di informazioni di sistema
:: Soluzione
Aggiornare Firefox alla versione 3.0.4
http://www.mozilla.com/en-US/firefox/all-older.html
http://www.mozilla.com/en-US/firefox/
Aggiornare Thunderbird, appena possibile, alla versione 2.0.0.18
(non ancora disponibile)
http://www.mozilla.com/en-US/thunderbird/
Nel frattempo si consiglia di disabilitare il JavaScript
Aggiornare SeaMonkey alla versione 1.1.13
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2008/mfsa2008-47.html
http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
http://www.mozilla.org/security/announce/2008/mfsa2008-49.html
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
http://www.mozilla.org/security/announce/2008/mfsa2008-51.html
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
http://www.mozilla.org/security/announce/2008/mfsa2008-53.html
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
Secunia
http://secunia.com/advisories/32713/
http://secunia.com/advisories/32714/
http://secunia.com/advisories/32715/
FrSIRT
http://www.frsirt.com/english/advisories/2008/3146
SecurityFocus
http://www.securityfocus.com/bid/32281
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSR0/cPOB+SpikaiRAQKIswP/XKmL1KCl7PeI0mlwaPjLqaB+QdDbu+/Q
Ea86YCtWnLNN8W1abKkrNfbk2q3Xd6GyS3U0y/EeHVjyyizHrWo5GY6FHPbtqU2V
UQb780wcN3tZJV4vfwF/wR7TVIdhhgmBtCKB+AKIjJXE3mZzGdm3d+DRqSG97/Yt
tXDX5BUghgs=
=lpGY
-----END PGP SIGNATURE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-08116
Data : 14 Novembre 2008
Titolo : Vulnerabilita' nei prodotti Mozilla
*****************************************************************************
:: Descrizione del problema
Sono stati pubblicati Security Advisory relativi a vulnerabilita'
presenti nei prodotti Mozilla.
Nota: Thunderbird e' vulnerabile solo se JavaScript e' stato
abilitato. Questa opzione e' disabilitata per default.
:: Piattaforme e Software interessati
Firefox versioni precedenti alla 3.0.4
Thunderbird versioni precedenti alla 2.0.0.18
SeaMonkey versioni precedenti alla 1.1.13
:: Impatto
Esecuzione remota di codice arbitrario
Bypass dei controlli di sicurezza
Compromissione del sistema
Esposizione di informazioni sensibili
Esposizione di informazioni di sistema
:: Soluzione
Aggiornare Firefox alla versione 3.0.4
http://www.mozilla.com/en-US/firefox/all-older.html
http://www.mozilla.com/en-US/firefox/
Aggiornare Thunderbird, appena possibile, alla versione 2.0.0.18
(non ancora disponibile)
http://www.mozilla.com/en-US/thunderbird/
Nel frattempo si consiglia di disabilitare il JavaScript
Aggiornare SeaMonkey alla versione 1.1.13
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2008/mfsa2008-47.html
http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
http://www.mozilla.org/security/announce/2008/mfsa2008-49.html
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
http://www.mozilla.org/security/announce/2008/mfsa2008-51.html
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
http://www.mozilla.org/security/announce/2008/mfsa2008-53.html
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
Secunia
http://secunia.com/advisories/32713/
http://secunia.com/advisories/32714/
http://secunia.com/advisories/32715/
FrSIRT
http://www.frsirt.com/english/advisories/2008/3146
SecurityFocus
http://www.securityfocus.com/bid/32281
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSR0/cPOB+SpikaiRAQKIswP/XKmL1KCl7PeI0mlwaPjLqaB+QdDbu+/Q
Ea86YCtWnLNN8W1abKkrNfbk2q3Xd6GyS3U0y/EeHVjyyizHrWo5GY6FHPbtqU2V
UQb780wcN3tZJV4vfwF/wR7TVIdhhgmBtCKB+AKIjJXE3mZzGdm3d+DRqSG97/Yt
tXDX5BUghgs=
=lpGY
-----END PGP SIGNATURE-----