Alert GCSA-13015 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13015
Data : 20 Febbraio 2013
Titolo : Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple nei prodotti Mozilla Firefox,
Thunderbird e Seamonkey che potrebbero essere sfruttate da attaccanti remoti
per rivelare informazioni sensibili, eseguire codice arbitrario, condurre
attacchi di tipo spoofing, oltrepassare alcune restrizioni di sicurezza
e compromettere un sistema che ne sia affetto.
:: Software interessato
Mozilla Firefox versioni precedenti alla 19
Mozilla Firefox ESR 17.0.3
Mozilla Thunderbird versioni precedenti alla 17.0.3
Mozilla SeaMonkey versioni precedenti alla 2.16
:: Impatto
Spoofing
Security Bypass
Esecuzione di codice arbitrario
Esposizione di informazioni sensibili
Accesso al sistema
:: Soluzioni
Aggiornare Mozilla Firefox alla versione 19
Aggiornare Mozilla Firefox ESR alla versione 17.0.3
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 17.0.3
http://www.mozilla.org/thunderbird/
Aggiornare Mozilla SeaMonkey alla versione 2.16
http://www.seamonkey-project.org/
:: Riferimenti
Mozilla Security Advisory
https://www.mozilla.org/security/known-vulnerabilities/
https://www.mozilla.org/security/announce/2013/mfsa2013-21.html
https://www.mozilla.org/security/announce/2013/mfsa2013-22.html
https://www.mozilla.org/security/announce/2013/mfsa2013-23.html
https://www.mozilla.org/security/announce/2013/mfsa2013-24.html
https://www.mozilla.org/security/announce/2013/mfsa2013-25.html
https://www.mozilla.org/security/announce/2013/mfsa2013-26.html
https://www.mozilla.org/security/announce/2013/mfsa2013-27.html
https://www.mozilla.org/security/announce/2013/mfsa2013-28.html
Secunia
http://secunia.com/advisories/52249/
http://secunia.com/advisories/52280/
http://secunia.com/advisories/52286/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0784
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFRJM2mwZxMk2USYEIRAmbWAJ9wcpODw/gfxf9XqzmWKD9sOBC8dgCcDgx6
vk2bPJPBU/yCB9oYHrnK/I0=
=X/zR
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13015
Data : 20 Febbraio 2013
Titolo : Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple nei prodotti Mozilla Firefox,
Thunderbird e Seamonkey che potrebbero essere sfruttate da attaccanti remoti
per rivelare informazioni sensibili, eseguire codice arbitrario, condurre
attacchi di tipo spoofing, oltrepassare alcune restrizioni di sicurezza
e compromettere un sistema che ne sia affetto.
:: Software interessato
Mozilla Firefox versioni precedenti alla 19
Mozilla Firefox ESR 17.0.3
Mozilla Thunderbird versioni precedenti alla 17.0.3
Mozilla SeaMonkey versioni precedenti alla 2.16
:: Impatto
Spoofing
Security Bypass
Esecuzione di codice arbitrario
Esposizione di informazioni sensibili
Accesso al sistema
:: Soluzioni
Aggiornare Mozilla Firefox alla versione 19
Aggiornare Mozilla Firefox ESR alla versione 17.0.3
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 17.0.3
http://www.mozilla.org/thunderbird/
Aggiornare Mozilla SeaMonkey alla versione 2.16
http://www.seamonkey-project.org/
:: Riferimenti
Mozilla Security Advisory
https://www.mozilla.org/security/known-vulnerabilities/
https://www.mozilla.org/security/announce/2013/mfsa2013-21.html
https://www.mozilla.org/security/announce/2013/mfsa2013-22.html
https://www.mozilla.org/security/announce/2013/mfsa2013-23.html
https://www.mozilla.org/security/announce/2013/mfsa2013-24.html
https://www.mozilla.org/security/announce/2013/mfsa2013-25.html
https://www.mozilla.org/security/announce/2013/mfsa2013-26.html
https://www.mozilla.org/security/announce/2013/mfsa2013-27.html
https://www.mozilla.org/security/announce/2013/mfsa2013-28.html
Secunia
http://secunia.com/advisories/52249/
http://secunia.com/advisories/52280/
http://secunia.com/advisories/52286/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0784
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFRJM2mwZxMk2USYEIRAmbWAJ9wcpODw/gfxf9XqzmWKD9sOBC8dgCcDgx6
vk2bPJPBU/yCB9oYHrnK/I0=
=X/zR
-----END PGP SIGNATURE-----