Alert GCSA-09034 - Vulnerabilities in Mozilla products
*****************************************************************************
Alert ID : GCSA-09034
Date : 22 April 2009
Title : Vulnerabilities in Mozilla products
*****************************************************************************
:: Problem description:
Mozilla has published a security advisory concerning several
vulnerabilities in the Firefox, Thunderbird and SeaMonkey products.
:: Affected platforms and software:
Mozilla Firefox versions prior to 3.0.9
Mozilla SeaMonkey versions prior to 1.1.17
Mozilla Thunderbird versions prior to 2.0.0.22
:: Impact:
Remote execution of arbitrary code
Bypass of security controls
System compromise
Cross Site Scripting
Denial of Service
Exposure of sensitive information
:: Solution:
Update Firefox to version 3.0.9
http://www.mozilla.com/en-US/firefox/
Update to Thunderbird 2.0.0.22 (not yet available)
http://www.mozilla.com/en-US/thunderbird/
The vendor recommends disabling JavaScript until a non-vulnerable
version is available.
Update SeaMonkey to version 1.1.17 (not yet available)
http://www.mozilla.org/projects/seamonkey/
The vendor recommends disabling JavaScript until a non-vulnerable
version is available.
Do not browse untrusted sites and do not open e-mail from untrusted sources.
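Added example, not part of the original alert: a triage of a software inventory against the fixed versions listed above, returning the action the alert gives for each product. Versions are compared numerically per component, so 3.0.10 is not mistaken for older than 3.0.9; the inventory format, host names and status labels are assumptions, and the availability flags reflect the alert's date.

```python
import re

# Fixed version per product, and whether the alert lists it as available (22 April 2009).
FIXED = {
    "firefox": ("3.0.9", True),
    "thunderbird": ("2.0.0.22", False),
    "seamonkey": ("1.1.17", False),
}

def parse_version(text):
    """'2.0.0.21' -> (2, 0, 0, 21). Pre-release tags such as '3.0b5' are rejected."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_older(installed, fixed):
    """Numeric comparison, padding the shorter version with zeros (3.0 == 3.0.0)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def triage(product, installed):
    """Return ok, update, disable-javascript, check-manually or not-covered."""
    entry = FIXED.get(product.strip().lower())
    if entry is None:
        return "not-covered"
    fixed, available = entry
    try:
        vulnerable = is_older(installed, fixed)
    except ValueError:
        return "check-manually"
    if not vulnerable:
        return "ok"
    return "update" if available else "disable-javascript"

def triage_inventory(text):
    """Parse 'host product version' lines; lines starting with '#' are skipped."""
    rows = [line.split() for line in text.splitlines() if not line.lstrip().startswith("#")]
    return [(r[0], triage(r[1], r[2])) for r in rows if len(r) == 3]

# Constructed sample inventory, one 'host product version' per line (hypothetical hosts).
SAMPLE = """ws-01 Firefox 3.0.8
ws-02 Firefox 3.0.10
ws-03 Thunderbird 2.0.0.21
ws-05 Firefox 3.0b5
"""

if __name__ == "__main__":
    print(*triage_inventory(SAMPLE), sep="\n")
```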
:: References:
Known Vulnerabilities in Mozilla Products
http://www.mozilla.org/security/known-vulnerabilities/
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312
Secunia
http://secunia.com/advisories/34758
http://secunia.com/advisories/34780
http://secunia.com/advisories/34835
VuPEN (formerly FrSIRT)
http://www.vupen.com/english/advisories/2009/1125
http://www.vupen.com/english/advisories/2009/1123
http://www.vupen.com/english/advisories/2009/1124