Alert GCSA-14019 - Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14019
Data: 13 giugno 2014
Titolo: Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
Firefox e Thunderbird che risolvono varie vulnerabilita'
potenzialmente sfruttabili da aggressori remoti e locali
per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 30.0
Thunderbird versioni precedenti alla 24.6
:: Impatto
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Security Bypass
Cross Site Scripting
Spoofing
Esposizione di dati sensibili
Denial of service
:: Soluzioni
Aggiornare Firefox alla versione 30.0
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 24.6
http://www.mozilla.org/it/thunderbird/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/en-US/firefox/30.0/releasenotes/
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
https://www.mozilla.org/security/announce/2014/mfsa2014-54.html
https://www.mozilla.org/security/announce/2014/mfsa2014-53.html
https://www.mozilla.org/security/announce/2014/mfsa2014-52.html
https://www.mozilla.org/security/announce/2014/mfsa2014-51.html
https://www.mozilla.org/security/announce/2014/mfsa2014-50.html
https://www.mozilla.org/security/announce/2014/mfsa2014-49.html
https://www.mozilla.org/security/announce/2014/mfsa2014-48.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1542
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFTmsgbwZxMk2USYEIRArFIAKDZTeepdUNGP4E3iPXEimHhEcXbKQCfQuXQ
UpR8YHSsUJIObA8YnEQu+n8=
=rSeu
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14019
Data: 13 giugno 2014
Titolo: Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
Firefox e Thunderbird che risolvono varie vulnerabilita'
potenzialmente sfruttabili da aggressori remoti e locali
per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 30.0
Thunderbird versioni precedenti alla 24.6
:: Impatto
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Security Bypass
Cross Site Scripting
Spoofing
Esposizione di dati sensibili
Denial of service
:: Soluzioni
Aggiornare Firefox alla versione 30.0
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 24.6
http://www.mozilla.org/it/thunderbird/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/en-US/firefox/30.0/releasenotes/
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
https://www.mozilla.org/security/announce/2014/mfsa2014-54.html
https://www.mozilla.org/security/announce/2014/mfsa2014-53.html
https://www.mozilla.org/security/announce/2014/mfsa2014-52.html
https://www.mozilla.org/security/announce/2014/mfsa2014-51.html
https://www.mozilla.org/security/announce/2014/mfsa2014-50.html
https://www.mozilla.org/security/announce/2014/mfsa2014-49.html
https://www.mozilla.org/security/announce/2014/mfsa2014-48.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1542
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFTmsgbwZxMk2USYEIRArFIAKDZTeepdUNGP4E3iPXEimHhEcXbKQCfQuXQ
UpR8YHSsUJIObA8YnEQu+n8=
=rSeu
-----END PGP SIGNATURE-----