Alert GCSA-09083 - Vulnerabilita' multiple in Mozilla Firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09083
Data : 10 Settembre 2009
Titolo : Vulnerabilita' multiple in Mozilla Firefox
******************************************************************
:: Descrizione del problema
Sono state riscontrate alcune vulnerabilita' in Mozilla Firefox che potrebbero
essere sfruttate da un attaccante per oltrepassare restrizioni di sicurezza,
condurre attacchi di tipo spoofing o per compromettere un sistema che ne sia
afetto.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Mozilla.
:: Software interessato
Mozilla Firefox 3.0.x
Mozilla Firefox 3.5.x
:: Impatto
Spoofing
Esecuzione di codice arbitrario
POssibile compromissione del sistema
Security Bypass
:: Soluzioni
Aggiornare Firefox alle versioni 3.0.14 o 3.5.3.
http://www.mozilla.com/firefox/
:: Riferimenti
Mozilla Foundation:
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
http://www.mozilla.org/security/announce/2009/mfsa2009-48.html
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
http://www.mozilla.org/security/announce/2009/mfsa2009-50.html
http://www.mozilla.org/security/announce/2009/mfsa2009-51.html
Secunia
http://secunia.com/advisories/36671
VuPEN
http://www.vupen.com/english/advisories/2009/2585
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSqj26fOB+SpikaiRAQJ5TgP/c62eKU5qA7EE5A+6cfUcJ4BcuXdJXVRX
rA3uWUrBWFz0CQElGUmBLqgU8qWmWZj7syq2eu+Sl5kpAg3XA5p7zpF4xE5n+eYE
vyKL/i2AAmoAIs2fM0rig6peVCohrCbBEggcweghjDfoNZJZ0TU+FXI8tZ9hUdsg
cWkZjhHCahU=
=s3Ll
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09083
Data : 10 Settembre 2009
Titolo : Vulnerabilita' multiple in Mozilla Firefox
******************************************************************
:: Descrizione del problema
Sono state riscontrate alcune vulnerabilita' in Mozilla Firefox che potrebbero
essere sfruttate da un attaccante per oltrepassare restrizioni di sicurezza,
condurre attacchi di tipo spoofing o per compromettere un sistema che ne sia
afetto.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Mozilla.
:: Software interessato
Mozilla Firefox 3.0.x
Mozilla Firefox 3.5.x
:: Impatto
Spoofing
Esecuzione di codice arbitrario
POssibile compromissione del sistema
Security Bypass
:: Soluzioni
Aggiornare Firefox alle versioni 3.0.14 o 3.5.3.
http://www.mozilla.com/firefox/
:: Riferimenti
Mozilla Foundation:
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
http://www.mozilla.org/security/announce/2009/mfsa2009-48.html
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
http://www.mozilla.org/security/announce/2009/mfsa2009-50.html
http://www.mozilla.org/security/announce/2009/mfsa2009-51.html
Secunia
http://secunia.com/advisories/36671
VuPEN
http://www.vupen.com/english/advisories/2009/2585
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSqj26fOB+SpikaiRAQJ5TgP/c62eKU5qA7EE5A+6cfUcJ4BcuXdJXVRX
rA3uWUrBWFz0CQElGUmBLqgU8qWmWZj7syq2eu+Sl5kpAg3XA5p7zpF4xE5n+eYE
vyKL/i2AAmoAIs2fM0rig6peVCohrCbBEggcweghjDfoNZJZ0TU+FXI8tZ9hUdsg
cWkZjhHCahU=
=s3Ll
-----END PGP SIGNATURE-----