Alert GCSA-12007 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12007
Data : 03 Febbraio 2012
Titolo : Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema:
Sono state riscontrate vulnerabilita' multiple nei prodotti
Mozilla Firefox, Thunderbird e Seamonkey che potrebbero essere
sfruttate per accedere al sistema, ottenere informazioni
sensibili ed eseguire codice arbitrario su un sistema che ne sia
affetto.
:: Software interessato:
Mozilla SeaMonkey 2.x
Mozilla Firefox 9.x
Mozilla Firefox 3.6.x
Mozilla Thunderbird 9.x
Mozilla Thunderbird 3.1.x
:: Impatto:
Accesso al sistema
Esecuzione di codice arbitrario
Rilascio di dati sensibili
:: Soluzioni:
Aggiornare Mozilla Firefox alla versione 10.0 o 3.6.26
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 10.0 o 3.1.18
http://www.mozilla.org/thunderbird/
Aggiornare Mozilla SeaMonkey alla versione 2.7
http://www.seamonkey-project.org/
:: Riferimenti:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2011/mfsa2012-01.html
http://www.mozilla.org/security/announce/2011/mfsa2012-02.html
http://www.mozilla.org/security/announce/2011/mfsa2012-03.html
http://www.mozilla.org/security/announce/2011/mfsa2012-04.html
http://www.mozilla.org/security/announce/2011/mfsa2012-05.html
http://www.mozilla.org/security/announce/2011/mfsa2012-06.html
http://www.mozilla.org/security/announce/2011/mfsa2012-07.html
http://www.mozilla.org/security/announce/2011/mfsa2012-08.html
http://www.mozilla.org/security/announce/2011/mfsa2012-09.html
Security Focus
http://www.securityfocus.com/bid/51756
http://www.securityfocus.com/bid/51786
http://www.securityfocus.com/bid/51754
http://www.securityfocus.com/bid/48360
http://www.securityfocus.com/bid/48358
http://www.securityfocus.com/bid/48373
http://www.securityfocus.com/bid/48372
http://www.securityfocus.com/bid/48367
http://www.securityfocus.com/bid/48376
http://www.securityfocus.com/bid/51753
http://www.securityfocus.com/bid/51755
http://www.securityfocus.com/bid/51787
http://www.securityfocus.com/bid/49778
http://www.securityfocus.com/bid/51757
http://www.securityfocus.com/bid/51752
http://www.securityfocus.com/bid/51765
Secunia
http://secunia.com/advisories/47816/
http://secunia.com/advisories/47840/
http://secunia.com/advisories/47839/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTyvAmfOB+SpikaiRAQKR3wQAoLx9+g1EPHInbUkLs32FPc6chK3qxnAR
hJRGyRGepYMyfJEXpQjcm2z9jewEi+tnqkZPGKyECNbH+AOF8LFv47roHokFAHcj
oZr4d8+bC/y9S0AnprgNp5evLftIULgG+XNj6zZKNhpZBT0Eh9BBKTYio+NIQOO5
6ZZNn1cPRIg=
=BEFM
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12007
Data : 03 Febbraio 2012
Titolo : Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema:
Sono state riscontrate vulnerabilita' multiple nei prodotti
Mozilla Firefox, Thunderbird e Seamonkey che potrebbero essere
sfruttate per accedere al sistema, ottenere informazioni
sensibili ed eseguire codice arbitrario su un sistema che ne sia
affetto.
:: Software interessato:
Mozilla SeaMonkey 2.x
Mozilla Firefox 9.x
Mozilla Firefox 3.6.x
Mozilla Thunderbird 9.x
Mozilla Thunderbird 3.1.x
:: Impatto:
Accesso al sistema
Esecuzione di codice arbitrario
Rilascio di dati sensibili
:: Soluzioni:
Aggiornare Mozilla Firefox alla versione 10.0 o 3.6.26
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 10.0 o 3.1.18
http://www.mozilla.org/thunderbird/
Aggiornare Mozilla SeaMonkey alla versione 2.7
http://www.seamonkey-project.org/
:: Riferimenti:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2011/mfsa2012-01.html
http://www.mozilla.org/security/announce/2011/mfsa2012-02.html
http://www.mozilla.org/security/announce/2011/mfsa2012-03.html
http://www.mozilla.org/security/announce/2011/mfsa2012-04.html
http://www.mozilla.org/security/announce/2011/mfsa2012-05.html
http://www.mozilla.org/security/announce/2011/mfsa2012-06.html
http://www.mozilla.org/security/announce/2011/mfsa2012-07.html
http://www.mozilla.org/security/announce/2011/mfsa2012-08.html
http://www.mozilla.org/security/announce/2011/mfsa2012-09.html
Security Focus
http://www.securityfocus.com/bid/51756
http://www.securityfocus.com/bid/51786
http://www.securityfocus.com/bid/51754
http://www.securityfocus.com/bid/48360
http://www.securityfocus.com/bid/48358
http://www.securityfocus.com/bid/48373
http://www.securityfocus.com/bid/48372
http://www.securityfocus.com/bid/48367
http://www.securityfocus.com/bid/48376
http://www.securityfocus.com/bid/51753
http://www.securityfocus.com/bid/51755
http://www.securityfocus.com/bid/51787
http://www.securityfocus.com/bid/49778
http://www.securityfocus.com/bid/51757
http://www.securityfocus.com/bid/51752
http://www.securityfocus.com/bid/51765
Secunia
http://secunia.com/advisories/47816/
http://secunia.com/advisories/47840/
http://secunia.com/advisories/47839/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTyvAmfOB+SpikaiRAQKR3wQAoLx9+g1EPHInbUkLs32FPc6chK3qxnAR
hJRGyRGepYMyfJEXpQjcm2z9jewEi+tnqkZPGKyECNbH+AOF8LFv47roHokFAHcj
oZr4d8+bC/y9S0AnprgNp5evLftIULgG+XNj6zZKNhpZBT0Eh9BBKTYio+NIQOO5
6ZZNn1cPRIg=
=BEFM
-----END PGP SIGNATURE-----