Alert GCSA-09050 - Vulnerabilita' multiple in Mozilla Firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-09050
Data : 18 Giugno 2009
Titolo : Vulnerabilita' multiple in Mozilla Firefox
*****************************************************************************
Descrizione del problema:
Sono state riscontrate vulnerabilita' multiple in Mozilla Firefox che potrebbero
essere sfruttate da un attaccante per permettere l'esposizione di informazioni
sensibili, aggirare alcune restrizioni di sicurezza, o per compromettere un
sistema che ne sia affetto.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Mozilla.
Piattaforme e Software interessati:
Mozilla Firefox 3.x
Impatto:
Denial of Service
Esposizione di informazioni sensibli
Security bypass
Possibile compromissione del sistema
Soluzione:
Aggiornare Firefox alla versione 3.0.11:
http://www.mozilla.com/firefox/
Riferimenti:
Mozilla:
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
Secunia:
http://secunia.com/secunia_research/2009-19/
http://secunia.com/advisories/35331/
VuPen:
http://www.vupen.com/english/advisories/2009/1572
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSjpOS/OB+SpikaiRAQKBYwQAy2wkG/CfvN9Xj34MgiFk6p4SP2dDpM2C
0RoBYRo2MYWgnr8YbccusouxIO+IfIvX0Vs/YnPsnpK/kyEwGYcQpgCE/JbTbXg5
YO5vwJktGa+HuPZbkpBS2fGwcaK6X4SvvRLuczU88GJ+bzwnDkCjRGLayWmgWRBj
OUAPQi21VEE=
=DuJK
-----END PGP SIGNATURE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-09050
Data : 18 Giugno 2009
Titolo : Vulnerabilita' multiple in Mozilla Firefox
*****************************************************************************
Descrizione del problema:
Sono state riscontrate vulnerabilita' multiple in Mozilla Firefox che potrebbero
essere sfruttate da un attaccante per permettere l'esposizione di informazioni
sensibili, aggirare alcune restrizioni di sicurezza, o per compromettere un
sistema che ne sia affetto.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Mozilla.
Piattaforme e Software interessati:
Mozilla Firefox 3.x
Impatto:
Denial of Service
Esposizione di informazioni sensibli
Security bypass
Possibile compromissione del sistema
Soluzione:
Aggiornare Firefox alla versione 3.0.11:
http://www.mozilla.com/firefox/
Riferimenti:
Mozilla:
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
Secunia:
http://secunia.com/secunia_research/2009-19/
http://secunia.com/advisories/35331/
VuPen:
http://www.vupen.com/english/advisories/2009/1572
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSjpOS/OB+SpikaiRAQKBYwQAy2wkG/CfvN9Xj34MgiFk6p4SP2dDpM2C
0RoBYRo2MYWgnr8YbccusouxIO+IfIvX0Vs/YnPsnpK/kyEwGYcQpgCE/JbTbXg5
YO5vwJktGa+HuPZbkpBS2fGwcaK6X4SvvRLuczU88GJ+bzwnDkCjRGLayWmgWRBj
OUAPQi21VEE=
=DuJK
-----END PGP SIGNATURE-----