Alert GCSA-24104 - Aggiornamento di sicurezza per prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-24104
data: 7 agosto 2024
titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox e Firefox ESR
con le quali risolve varie vulnerabilita', delle quali 11 con gravita' alta.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 129
Firefox ESR versioni precedenti alla 115.14
Firefox ESR versioni precedenti alla 128.1
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Data manipulation
Rivelazione di informazioni (ID)
Bypass delle funzionalita' di sicurezza (SFB)
Spoofing
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-35/
Firefox - Release Notes
https://www.mozilla.org/en-US/firefox/129.0/releasenotes/
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2024-086
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-prodotti-mozilla-al06-240806-csirt-ita
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7531
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZrMeFgAKCRDBnEyTZRJg
QodXAJ9xD2ngJCnyw6ujKIZ3ALwPtXu19ACglDCw2bVu+cZAUZsK8ugAFDVKaiQ=
=jwiR
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-24104
data: 7 agosto 2024
titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox e Firefox ESR
con le quali risolve varie vulnerabilita', delle quali 11 con gravita' alta.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 129
Firefox ESR versioni precedenti alla 115.14
Firefox ESR versioni precedenti alla 128.1
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Data manipulation
Rivelazione di informazioni (ID)
Bypass delle funzionalita' di sicurezza (SFB)
Spoofing
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-35/
Firefox - Release Notes
https://www.mozilla.org/en-US/firefox/129.0/releasenotes/
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2024-086
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-prodotti-mozilla-al06-240806-csirt-ita
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7531
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZrMeFgAKCRDBnEyTZRJg
QodXAJ9xD2ngJCnyw6ujKIZ3ALwPtXu19ACglDCw2bVu+cZAUZsK8ugAFDVKaiQ=
=jwiR
-----END PGP SIGNATURE-----