Alert GCSA-12068 - Vulnerabilities in Mozilla products
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12068
Date : 21 November 2012
Title : Vulnerabilities in Mozilla products
******************************************************************
:: Problem description
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird and SeaMonkey that could be exploited by remote and
local attackers to conduct spoofing and cross-site scripting
attacks, bypass certain security restrictions and compromise
an affected system.
:: Affected software
Mozilla SeaMonkey versions prior to 2.14
Mozilla Firefox versions prior to 17
Mozilla Thunderbird versions prior to 17
Mozilla Firefox 10.x versions prior to 10.0.11
Mozilla Thunderbird 10.x versions prior to 10.0.11
:: Impact
System access
Security Bypass
Cross Site Scripting
Exposure of sensitive information
:: Solutions
Update Mozilla Firefox to version 17
Update Mozilla Firefox 10.x to version 10.0.11
http://www.mozilla.com/firefox/
Update Mozilla Thunderbird to version 17
Update Mozilla Thunderbird 10.x to version 10.0.11
http://www.mozilla.org/thunderbird/
Update Mozilla SeaMonkey to version 2.14
http://www.seamonkey-project.org/
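Added example, not part of the original advisory: a branch-aware check of an inventory against the fixed versions listed above, since a plain "older than 17" comparison would wrongly flag a patched 10.0.11 install. The function names and the sample inventory are hypothetical.

```python
import re

# First fixed release per product, copied from the advisory. Key: (product, branch).
# Branch 10 is the separately maintained 10.x line; None is the main release line.
FIXED = {
    ("firefox", 10): (10, 0, 11),
    ("thunderbird", 10): (10, 0, 11),
    ("firefox", None): (17,),
    ("thunderbird", None): (17,),
    ("seamonkey", None): (2, 14),
}

def parse_version(text):
    """Parse '10.0.11' or '17.0esr' into a tuple of ints; reject other shapes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(product, version):
    """True if this product/version is older than the fix level for its branch."""
    name = product.strip().lower()
    ver = parse_version(version)
    # Prefer the branch-specific fix level (10.x), else the main-line one.
    fixed = FIXED.get((name, ver[0])) or FIXED.get((name, None))
    if fixed is None:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    width = max(len(ver), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))  # so 17 == 17.0 == 17.0.0
    return pad(ver) < pad(fixed)

def audit(inventory):
    """Return (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory (hypothetical hosts), not data from the advisory.
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "16.0.2"),
    ("ws-02", "Firefox", "10.0.11"),   # patched 10.x: must not be flagged
    ("ws-03", "Firefox", "10.0.10"),
    ("ws-04", "Thunderbird", "17.0"),
    ("ws-05", "SeaMonkey", "2.13.2"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected by GCSA-12068")
```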
:: References
Mozilla Security Advisory
https://www.mozilla.org/security/known-vulnerabilities/
https://www.mozilla.org/security/announce/2012/mfsa2012-91.html
https://www.mozilla.org/security/announce/2012/mfsa2012-92.html
https://www.mozilla.org/security/announce/2012/mfsa2012-93.html
https://www.mozilla.org/security/announce/2012/mfsa2012-94.html
https://www.mozilla.org/security/announce/2012/mfsa2012-95.html
https://www.mozilla.org/security/announce/2012/mfsa2012-96.html
https://www.mozilla.org/security/announce/2012/mfsa2012-97.html
https://www.mozilla.org/security/announce/2012/mfsa2012-98.html
https://www.mozilla.org/security/announce/2012/mfsa2012-99.html
https://www.mozilla.org/security/announce/2012/mfsa2012-100.html
https://www.mozilla.org/security/announce/2012/mfsa2012-101.html
https://www.mozilla.org/security/announce/2012/mfsa2012-102.html
https://www.mozilla.org/security/announce/2012/mfsa2012-103.html
https://www.mozilla.org/security/announce/2012/mfsa2012-104.html
https://www.mozilla.org/security/announce/2012/mfsa2012-105.html
https://www.mozilla.org/security/announce/2012/mfsa2012-106.html
Secunia
http://secunia.com/advisories/51358/
http://secunia.com/advisories/51381/
http://secunia.com/advisories/51382/
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2012-1482.html
https://rhn.redhat.com/errata/RHSA-2012-1483.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843
-----BEGIN PGP SIGNATURE-----
iD8DBQFQrOm8wZxMk2USYEIRAvAsAKDT70qffgM2i8+F37sgKu0kA3sNpgCgg6/I
Nb7IY2KIeHp9OZ6LLZ3JZS8=
=wyu1
-----END PGP SIGNATURE-----