Alert GCSA-12015 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12015
Data : 14 Marzo 2012
Titolo : Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema:
Sono state riscontrate vulnerabilita' multiple nei prodotti
Mozilla Firefox, Thunderbird e Seamonkey che potrebbero essere
sfruttate per condurre attacchi di tipo cross site scripting,
accedere al sistema, ottenere informazioni sensibili ed eseguire
codice arbitrario su un sistema che ne sia affetto.
:: Software interessato:
Mozilla SeaMonkey 2.x
Mozilla Firefox 10.x
Mozilla Firefox 3.6.x
Mozilla Thunderbird 10.x
Mozilla Thunderbird 3.1.x
:: Impatto:
Accesso al sistema
Esecuzione di codice arbitrario
Rilascio di dati sensibili
Attacchi Cross Site Scripting
:: Soluzioni:
Aggiornare Mozilla Firefox alla versione 11.0, 10.0.3 o 3.6.28
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 11.0, 10.0.3 o 3.1.20
http://www.mozilla.org/thunderbird/
Aggiornare Mozilla SeaMonkey alla versione 2.8
http://www.seamonkey-project.org/
:: Riferimenti:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-12.html
http://www.mozilla.org/security/announce/2012/mfsa2012-13.html
http://www.mozilla.org/security/announce/2012/mfsa2012-14.html
http://www.mozilla.org/security/announce/2012/mfsa2012-15.html
http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
http://www.mozilla.org/security/announce/2012/mfsa2012-17.html
http://www.mozilla.org/security/announce/2012/mfsa2012-18.html
http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
Security Focus
http://www.securityfocus.com/bid/52459
http://www.securityfocus.com/bid/52463
http://www.securityfocus.com/bid/52460
http://www.securityfocus.com/bid/52464
http://www.securityfocus.com/bid/52457
http://www.securityfocus.com/bid/52465
http://www.securityfocus.com/bid/52458
http://www.securityfocus.com/bid/52456
http://www.securityfocus.com/bid/52461
http://www.securityfocus.com/bid/52467
http://www.securityfocus.com/bid/52466
http://www.securityfocus.com/bid/52455
Secunia
http://secunia.com/advisories/48402/
http://secunia.com/advisories/48414/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464
-----BEGIN PGP SIGNATURE-----
iQCVAwUBT2C8/vOB+SpikaiRAQJnYwP+NK0qqz+lXmeguk88OmwlV3F+wUPYakIc
lCFZIC/7cKIqUPkAn90KFqWra6CWy3sBnHK3ZQ5eLZ0DFeXbmLeuYY7tcSSoz8C4
n4jxa0LBIUqa5lnZxl8Nmw4WD2/B3nUmcsOLIZrwKWuWK52O/Tir5WdQEwwzUbYN
Sjg+HRncRLI=
=iNe3
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12015
Data : 14 Marzo 2012
Titolo : Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema:
Sono state riscontrate vulnerabilita' multiple nei prodotti
Mozilla Firefox, Thunderbird e Seamonkey che potrebbero essere
sfruttate per condurre attacchi di tipo cross site scripting,
accedere al sistema, ottenere informazioni sensibili ed eseguire
codice arbitrario su un sistema che ne sia affetto.
:: Software interessato:
Mozilla SeaMonkey 2.x
Mozilla Firefox 10.x
Mozilla Firefox 3.6.x
Mozilla Thunderbird 10.x
Mozilla Thunderbird 3.1.x
:: Impatto:
Accesso al sistema
Esecuzione di codice arbitrario
Rilascio di dati sensibili
Attacchi Cross Site Scripting
:: Soluzioni:
Aggiornare Mozilla Firefox alla versione 11.0, 10.0.3 o 3.6.28
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 11.0, 10.0.3 o 3.1.20
http://www.mozilla.org/thunderbird/
Aggiornare Mozilla SeaMonkey alla versione 2.8
http://www.seamonkey-project.org/
:: Riferimenti:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-12.html
http://www.mozilla.org/security/announce/2012/mfsa2012-13.html
http://www.mozilla.org/security/announce/2012/mfsa2012-14.html
http://www.mozilla.org/security/announce/2012/mfsa2012-15.html
http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
http://www.mozilla.org/security/announce/2012/mfsa2012-17.html
http://www.mozilla.org/security/announce/2012/mfsa2012-18.html
http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
Security Focus
http://www.securityfocus.com/bid/52459
http://www.securityfocus.com/bid/52463
http://www.securityfocus.com/bid/52460
http://www.securityfocus.com/bid/52464
http://www.securityfocus.com/bid/52457
http://www.securityfocus.com/bid/52465
http://www.securityfocus.com/bid/52458
http://www.securityfocus.com/bid/52456
http://www.securityfocus.com/bid/52461
http://www.securityfocus.com/bid/52467
http://www.securityfocus.com/bid/52466
http://www.securityfocus.com/bid/52455
Secunia
http://secunia.com/advisories/48402/
http://secunia.com/advisories/48414/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464
-----BEGIN PGP SIGNATURE-----
iQCVAwUBT2C8/vOB+SpikaiRAQJnYwP+NK0qqz+lXmeguk88OmwlV3F+wUPYakIc
lCFZIC/7cKIqUPkAn90KFqWra6CWy3sBnHK3ZQ5eLZ0DFeXbmLeuYY7tcSSoz8C4
n4jxa0LBIUqa5lnZxl8Nmw4WD2/B3nUmcsOLIZrwKWuWK52O/Tir5WdQEwwzUbYN
Sjg+HRncRLI=
=iNe3
-----END PGP SIGNATURE-----