Alert GCSA-26056 - Aggiornamento di sicurezza per prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-26056
Data: 8 Aprile 2026
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple nei prodotti Mozilla,
che potrebbero consentire ad un attaccante remoto di eseguire
codice arbitrario ed innescare condizioni di Denial of Service su un sistema affetto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 149.0.2
Firefox ESR versioni precedenti alla 115.34.1
Firefox ESR versioni precedenti alla 140.9.1
Thunderbird versioni precedenti alla 140.9.1
Thunderbird versioni precedenti alla 149.0.2
:: Impatto
Remote Code Execution
Denial of Service
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/it/thunderbird/all/
https://www.thunderbird.net/it/thunderbird/releases/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-27/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-28/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5735
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCadYXNgAKCRDBnEyTZRJg
Qq4iAKC6n2AeOkm9ILTRh7JWazmDXb8JQQCgiQNhErMChEwM7dqgK0hZs3xQlnQ=
=VKRO
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-26056
Data: 8 Aprile 2026
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple nei prodotti Mozilla,
che potrebbero consentire ad un attaccante remoto di eseguire
codice arbitrario ed innescare condizioni di Denial of Service su un sistema affetto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 149.0.2
Firefox ESR versioni precedenti alla 115.34.1
Firefox ESR versioni precedenti alla 140.9.1
Thunderbird versioni precedenti alla 140.9.1
Thunderbird versioni precedenti alla 149.0.2
:: Impatto
Remote Code Execution
Denial of Service
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/it/thunderbird/all/
https://www.thunderbird.net/it/thunderbird/releases/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-27/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-28/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5735
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCadYXNgAKCRDBnEyTZRJg
Qq4iAKC6n2AeOkm9ILTRh7JWazmDXb8JQQCgiQNhErMChEwM7dqgK0hZs3xQlnQ=
=VKRO
-----END PGP SIGNATURE-----