Alert GCSA-16009 - Vulnerabilita' multiple in Mozilla Firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
**********************************************************************
Alert ID: GCSA-16009
Data: 29 Gennaio 2016
Titolo: Vulnerabilita' multiple in Mozilla Firefox
**********************************************************************
:: Descrizione del problema
Sono state riscontrate varie vulnerabilità in Mozilla Firefox per
mezzo delle quali: un utente remoto puo' causare l'esecuzione di codice
arbitrario, puo' ottenere privilegi piu' elevati causare denial of
service, puo' superare i controlli di sicurezza, un utente
remoto puo' ottenere informazioni potenzialmente sensibili in un
sistema affetto, puo' spoofare le URL
Per una descrizione completa delle vulnerabilita' consultare le
segnalazioni ufficiali.
:: Piattaforme e Software interessati
Mozilla Firefox e Firefox ESR versioni precedenti la 44 e 38.6
su Linux, Unix e Windows
:: Impatto
Rivelazione informazioni sensibili
Esecuzione remota di codice arbitrario
URL spoofing
Security bypass
:: Soluzione
Aggiornare Mozilla Firefox alle versioni:
Firefox 44
Firefox ESR 38.6
:: Riferimenti
Mozilla Foundation Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/
Security Tracker
http://www.securitytracker.com/id/1034825
http://www.securitytracker.com/id/1034826
http://www.securitytracker.com/id/1034835
http://www.securitytracker.com/id/1034836
http://www.securitytracker.com/id/1034841
Redhat
http://rhn.redhat.com/errata/RHSA-2016-0071.html
Oracle
http://linux.oracle.com/errata/ELSA-2016-0071.html
Ubuntu
http://www.ubuntu.com/usn/usn-2880-1
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2015-7208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948
GARR CERT Security Alert - subscribe/unsubscribe: http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlarmHgACgkQwZxMk2USYEIGMwCg0dbEQFDWTi79FIR+mQNaq+k0
I2AAoLnNe8hMDFn2A9veGbOAb1L+Qzdg
=WKnE
-----END PGP SIGNATURE-----
Hash: SHA1
**********************************************************************
Alert ID: GCSA-16009
Data: 29 Gennaio 2016
Titolo: Vulnerabilita' multiple in Mozilla Firefox
**********************************************************************
:: Descrizione del problema
Sono state riscontrate varie vulnerabilità in Mozilla Firefox per
mezzo delle quali: un utente remoto puo' causare l'esecuzione di codice
arbitrario, puo' ottenere privilegi piu' elevati causare denial of
service, puo' superare i controlli di sicurezza, un utente
remoto puo' ottenere informazioni potenzialmente sensibili in un
sistema affetto, puo' spoofare le URL
Per una descrizione completa delle vulnerabilita' consultare le
segnalazioni ufficiali.
:: Piattaforme e Software interessati
Mozilla Firefox e Firefox ESR versioni precedenti la 44 e 38.6
su Linux, Unix e Windows
:: Impatto
Rivelazione informazioni sensibili
Esecuzione remota di codice arbitrario
URL spoofing
Security bypass
:: Soluzione
Aggiornare Mozilla Firefox alle versioni:
Firefox 44
Firefox ESR 38.6
:: Riferimenti
Mozilla Foundation Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/
Security Tracker
http://www.securitytracker.com/id/1034825
http://www.securitytracker.com/id/1034826
http://www.securitytracker.com/id/1034835
http://www.securitytracker.com/id/1034836
http://www.securitytracker.com/id/1034841
Redhat
http://rhn.redhat.com/errata/RHSA-2016-0071.html
Oracle
http://linux.oracle.com/errata/ELSA-2016-0071.html
Ubuntu
http://www.ubuntu.com/usn/usn-2880-1
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2015-7208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948
GARR CERT Security Alert - subscribe/unsubscribe: http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlarmHgACgkQwZxMk2USYEIGMwCg0dbEQFDWTi79FIR+mQNaq+k0
I2AAoLnNe8hMDFn2A9veGbOAb1L+Qzdg
=WKnE
-----END PGP SIGNATURE-----