Alert GCSA-10160 - Vulnerabilita' in Mozilla Firefox 3.6.10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10160
Data : 22 ottobre 2010
Titolo : Vulnerabilita' in Mozilla Firefox 3.6.10
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione di Mozilla Firefox
serie 3.6.x con nuove funzionalita' e vari aggiornamenti
relativi alla sicurezza.
E' stato rilasciata anche una nuova versione di Firefox
serie 3.5.x ma viene comunque suggerito di passare
alla serie 3.6 .
:: Software interessato
Firefox versioni precedenti alla 3.6.11
Firefox versioni precedenti alla 3.5.14
:: Impatto
Bypass dei controlli di sicurezza
Cross Site Scripting
Spoofing
Privilege escalation
System access
:: Soluzione
Aggiornare Firefox alla versione 3.6.11
http://www.mozilla-europe.org/it/firefox/3.6.11/releasenotes/
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/firefox/
Aggiornare Firefox alla versione 3.5.14
http://www.mozilla.com/en-US/firefox/3.5.14/releasenotes/
http://www.mozilla.com/en-US/firefox/all-older.html
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176
Red Hat Support
https://rhn.redhat.com/errata/RHSA-2010-0782.html
Ubuntu Security Notice
http://www.ubuntu.com/usn/usn-997-1
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTMGEQvOB+SpikaiRAQLduQQAk18NGAzJA6FadiubsE9jn9srbLSrUw5K
Off1+8KZaIfaqcy49kB8cKNjqQPau6twkHeNUHtXuhInvL6JJXuc4Of7lbhokRJj
TlghJaKuTN4SHDkdCqczQnyJ8vpS5Ez8NC+QGQxaML0WZywb6Ftg79fDs/g+mrsd
okuwtc9BQYg=
=NHk1
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10160
Data : 22 ottobre 2010
Titolo : Vulnerabilita' in Mozilla Firefox 3.6.10
******************************************************************
:: Descrizione del problema
E' stata rilasciata una nuova versione di Mozilla Firefox
serie 3.6.x con nuove funzionalita' e vari aggiornamenti
relativi alla sicurezza.
E' stato rilasciata anche una nuova versione di Firefox
serie 3.5.x ma viene comunque suggerito di passare
alla serie 3.6 .
:: Software interessato
Firefox versioni precedenti alla 3.6.11
Firefox versioni precedenti alla 3.5.14
:: Impatto
Bypass dei controlli di sicurezza
Cross Site Scripting
Spoofing
Privilege escalation
System access
:: Soluzione
Aggiornare Firefox alla versione 3.6.11
http://www.mozilla-europe.org/it/firefox/3.6.11/releasenotes/
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/firefox/
Aggiornare Firefox alla versione 3.5.14
http://www.mozilla.com/en-US/firefox/3.5.14/releasenotes/
http://www.mozilla.com/en-US/firefox/all-older.html
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176
Red Hat Support
https://rhn.redhat.com/errata/RHSA-2010-0782.html
Ubuntu Security Notice
http://www.ubuntu.com/usn/usn-997-1
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTMGEQvOB+SpikaiRAQLduQQAk18NGAzJA6FadiubsE9jn9srbLSrUw5K
Off1+8KZaIfaqcy49kB8cKNjqQPau6twkHeNUHtXuhInvL6JJXuc4Of7lbhokRJj
TlghJaKuTN4SHDkdCqczQnyJ8vpS5Ez8NC+QGQxaML0WZywb6Ftg79fDs/g+mrsd
okuwtc9BQYg=
=NHk1
-----END PGP SIGNATURE-----