Alert GCSA-12037 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12037
Data : 18 luglio 2012
Titolo : Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema:
Sono state riscontrate vulnerabilita' multiple nei prodotti
Mozilla Firefox, Thunderbird e Seamonkey che potrebbero essere
sfruttate da attaccanti remoti e locali per condurre attacchi di tipo spoofing
e cross-site scripting, ottenere informazioni sensibili, oltrepassare
alcune restrizioni di sicurezza e compromettere un sistema che ne sia affetto.
:: Software interessato:
Mozilla SeaMonkey 2.x
Mozilla Firefox 10.x
Mozilla Thunderbird 10.x
Mozilla Firefox 13.x
Mozilla Thunderbird 13.x
:: Impatto:
Accesso al sistema
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
:: Soluzioni:
Aggiornare Mozilla Firefox alla versione 14.0 o 10.0.6.
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 14.0 o 10.0.6
http://www.mozilla.org/thunderbird/
Aggiornare Mozilla SeaMonkey alla versione 2.11.
http://www.seamonkey-project.org/
:: Riferimenti:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html
http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
Secunia
http://secunia.com/advisories/49992/
http://secunia.com/advisories/49993/
http://secunia.com/advisories/49994/
http://secunia.com/advisories/49965/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967
-----BEGIN PGP SIGNATURE-----
iD8DBQFQBr8JwZxMk2USYEIRAgJzAKDTrRyk/v+8kiP96iBxYdGWsGJDJwCffDrU
78Ois75BJn1yAA94RxTe094=
=v+Sb
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12037
Data : 18 luglio 2012
Titolo : Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema:
Sono state riscontrate vulnerabilita' multiple nei prodotti
Mozilla Firefox, Thunderbird e Seamonkey che potrebbero essere
sfruttate da attaccanti remoti e locali per condurre attacchi di tipo spoofing
e cross-site scripting, ottenere informazioni sensibili, oltrepassare
alcune restrizioni di sicurezza e compromettere un sistema che ne sia affetto.
:: Software interessato:
Mozilla SeaMonkey 2.x
Mozilla Firefox 10.x
Mozilla Thunderbird 10.x
Mozilla Firefox 13.x
Mozilla Thunderbird 13.x
:: Impatto:
Accesso al sistema
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
:: Soluzioni:
Aggiornare Mozilla Firefox alla versione 14.0 o 10.0.6.
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 14.0 o 10.0.6
http://www.mozilla.org/thunderbird/
Aggiornare Mozilla SeaMonkey alla versione 2.11.
http://www.seamonkey-project.org/
:: Riferimenti:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html
http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
Secunia
http://secunia.com/advisories/49992/
http://secunia.com/advisories/49993/
http://secunia.com/advisories/49994/
http://secunia.com/advisories/49965/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967
-----BEGIN PGP SIGNATURE-----
iD8DBQFQBr8JwZxMk2USYEIRAgJzAKDTrRyk/v+8kiP96iBxYdGWsGJDJwCffDrU
78Ois75BJn1yAA94RxTe094=
=v+Sb
-----END PGP SIGNATURE-----