Alert GCSA-10025 - Multiple vulnerabilities in Mozilla products
******************************************************************
Alert ID : GCSA-10025
Date : 18 February 2010
Title : Multiple vulnerabilities in Mozilla products
******************************************************************
:: Problem description
Several vulnerabilities have been identified in Mozilla Firefox,
Thunderbird and SeaMonkey which, if exploited, could allow a remote
attacker to manipulate and disclose information, bypass security
restrictions or compromise a vulnerable system.
:: Affected software
Mozilla Firefox versions prior to 3.6
Mozilla Firefox versions prior to 3.5.8
Mozilla Firefox versions prior to 3.0.18
Mozilla Thunderbird versions prior to 3.0.2
Mozilla SeaMonkey versions prior to 2.0.3
:: Impact
Remote execution of arbitrary code
System compromise
Security Bypass
Cross-domain scripting attacks
:: Solutions
Upgrade Mozilla Firefox to version 3.6, 3.5.8 or 3.0.18:
http://www.mozilla.com/firefox/
Upgrade Mozilla Thunderbird to version 3.0.2:
http://www.mozilla.com/thunderbird
Upgrade Mozilla SeaMonkey to version 2.0.3:
http://www.mozilla.org/projects/seamonkey/
:: References
Mozilla Foundation Security Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-05.html
http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
http://www.mozilla.org/security/announce/2010/mfsa2010-02.html
http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
VUPEN
http://www.vupen.com/english/advisories/2010/0405
Secunia
http://secunia.com/advisories/38657/
http://secunia.com/advisories/38656/
http://secunia.com/advisories/37242/
Securityfocus
http://www.securityfocus.com/bid/38285
http://www.securityfocus.com/bid/38286
http://www.securityfocus.com/bid/38287
http://www.securityfocus.com/bid/38288
http://www.securityfocus.com/bid/38289
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162