Alert GCSA-13005 - Vulnerabilities in Mozilla products (firefox,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13005
Date : 11 January 2013
Title : Vulnerabilities in Mozilla products (firefox, thunderbird, seamonkey)
******************************************************************
:: Problem description
New versions of Mozilla products have been released
that fix several vulnerabilities in Firefox, Thunderbird and
SeaMonkey which could be exploited by remote and
local attackers to carry out attacks.
The update also resolves an issue concerning
the issuance of untrustworthy certificates by the TURKTRUST CA.
:: Affected software
Firefox versions earlier than 18
Thunderbird versions earlier than 17.0.2
SeaMonkey versions earlier than 2.15
:: Impact
Remote arbitrary code execution
System access
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive data
:: Solutions
Update Firefox to version 18
http://www.mozilla.org/it/firefox/new/
Update Thunderbird to version 17.0.2
http://www.mozilla.org/it/thunderbird/
Update SeaMonkey to version 2.15
http://www.seamonkey-project.org/
:: References
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
http://www.mozilla.org/en-US/firefox/18.0/releasenotes/buglist.html
http://www.mozilla.org/security/announce/2013/mfsa2012-98.html
http://www.mozilla.org/security/announce/2013/mfsa2013-01.html
http://www.mozilla.org/security/announce/2013/mfsa2013-02.html
http://www.mozilla.org/security/announce/2013/mfsa2013-04.html
http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
http://www.mozilla.org/security/announce/2013/mfsa2013-06.html
http://www.mozilla.org/security/announce/2013/mfsa2013-07.html
http://www.mozilla.org/security/announce/2013/mfsa2013-08.html
http://www.mozilla.org/security/announce/2013/mfsa2013-09.html
http://www.mozilla.org/security/announce/2013/mfsa2013-10.html
http://www.mozilla.org/security/announce/2013/mfsa2013-11.html
http://www.mozilla.org/security/announce/2013/mfsa2013-12.html
http://www.mozilla.org/security/announce/2013/mfsa2013-13.html
http://www.mozilla.org/security/announce/2013/mfsa2013-14.html
http://www.mozilla.org/security/announce/2013/mfsa2013-15.html
http://www.mozilla.org/security/announce/2013/mfsa2013-16.html
http://www.mozilla.org/security/announce/2013/mfsa2013-17.html
http://www.mozilla.org/security/announce/2013/mfsa2013-18.html
http://www.mozilla.org/security/announce/2013/mfsa2013-19.html
http://www.mozilla.org/security/announce/2013/mfsa2013-20.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2013-0144.html
https://rhn.redhat.com/errata/RHSA-2013-0145.html
Ubuntu Security Notice
http://www.ubuntu.com/usn/usn-1681-1/
http://www.ubuntu.com/usn/usn-1681-2/
Mandriva Linux Security Advisory
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2013:002
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2013:003
Slackware Security Advisories
http://www.slackware.com/security/list.php?l=slackware-security&y=2013
SecurityFocus BID
http://www.securityfocus.com/bid/57196
http://www.securityfocus.com/bid/57197
http://www.securityfocus.com/bid/57205
http://www.securityfocus.com/bid/57207
-----BEGIN PGP SIGNATURE-----
iD8DBQFQ7/QrwZxMk2USYEIRAv91AJ9a9x/UTLeH5OhZb+wIXtXbrqRDmgCgtZlo
Zu6ZRetHM2Nvs3g2E1Pdvgg=
=4wXA
-----END PGP SIGNATURE-----