Alert GCSA-10083 - Vulnerabilita' multiple nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10083
Data : 22 Luglio 2010
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti Mozilla
Firefox, Thunderbird e SeaMonkey che se sfruttate potrebbero
permettere ad un attaccante remoto di manipolare e divulgare
informazioni, evitare restrizioni di sicurezza o compromettere
un sistema vulnerabile.
:: Software interessato
Mozilla Firefox versioni precedenti alla 3.6.7
Mozilla Firefox versioni precedenti alla 3.5.11
Mozilla Thunderbird versioni precedenti alla 3.1.1
Mozilla Thunderbird versioni precedenti alla 3.0.6
Mozilla SeaMonkey versioni precedenti alla 2.0.6
:: Impatto
Esecuzione remota di codice arbitrario
Compromissione del sistema
Security Bypass
Esecuzione di attacchi di tipo cross site scripting
Possibilita' di condurre attacchi di tipo phishing
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.7, 3.5.11 :
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 3.1.1, 3.0.6 :
http://www.mozilla.com/thunderbird
Aggiornare Mozilla SeaMonkey alla versione 2.0.6 :
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla:
http://www.mozilla.org/security/announce/2010/mfsa2010-34.html
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
http://www.mozilla.org/security/announce/2010/mfsa2010-36.html
http://www.mozilla.org/security/announce/2010/mfsa2010-37.html
http://www.mozilla.org/security/announce/2010/mfsa2010-38.html
http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
http://www.mozilla.org/security/announce/2010/mfsa2010-40.html
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
http://www.mozilla.org/security/announce/2010/mfsa2010-42.html
http://www.mozilla.org/security/announce/2010/mfsa2010-43.html
http://www.mozilla.org/security/announce/2010/mfsa2010-44.html
http://www.mozilla.org/security/announce/2010/mfsa2010-45.html
http://www.mozilla.org/security/announce/2010/mfsa2010-46.html
http://www.mozilla.org/security/announce/2010/mfsa2010-47.html
VuPen:
http://www.vupen.com/english/advisories/2010/1859
Secunia:
http://secunia.com/advisories/40642/
http://secunia.com/advisories/40688/
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTEgDU/OB+SpikaiRAQIiYAQAv/y9b9fOcl6cijS7lxTJjj2Tjm+VqTYH
D9Y6qQaqsKa8sIPRxCej+uTUsugnCMleKbGDi2eWGG+NcPJFkqdeF2gpacg5+y3I
umHdlIv+bKZi7Jv+oazltP2Jv7ozFT+bSw5wsCdZr18PwOIaVzasZKSmU9CR7g+p
+lNhzmYFGcg=
=Y2Oq
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10083
Data : 22 Luglio 2010
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti Mozilla
Firefox, Thunderbird e SeaMonkey che se sfruttate potrebbero
permettere ad un attaccante remoto di manipolare e divulgare
informazioni, evitare restrizioni di sicurezza o compromettere
un sistema vulnerabile.
:: Software interessato
Mozilla Firefox versioni precedenti alla 3.6.7
Mozilla Firefox versioni precedenti alla 3.5.11
Mozilla Thunderbird versioni precedenti alla 3.1.1
Mozilla Thunderbird versioni precedenti alla 3.0.6
Mozilla SeaMonkey versioni precedenti alla 2.0.6
:: Impatto
Esecuzione remota di codice arbitrario
Compromissione del sistema
Security Bypass
Esecuzione di attacchi di tipo cross site scripting
Possibilita' di condurre attacchi di tipo phishing
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.7, 3.5.11 :
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 3.1.1, 3.0.6 :
http://www.mozilla.com/thunderbird
Aggiornare Mozilla SeaMonkey alla versione 2.0.6 :
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla:
http://www.mozilla.org/security/announce/2010/mfsa2010-34.html
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
http://www.mozilla.org/security/announce/2010/mfsa2010-36.html
http://www.mozilla.org/security/announce/2010/mfsa2010-37.html
http://www.mozilla.org/security/announce/2010/mfsa2010-38.html
http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
http://www.mozilla.org/security/announce/2010/mfsa2010-40.html
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
http://www.mozilla.org/security/announce/2010/mfsa2010-42.html
http://www.mozilla.org/security/announce/2010/mfsa2010-43.html
http://www.mozilla.org/security/announce/2010/mfsa2010-44.html
http://www.mozilla.org/security/announce/2010/mfsa2010-45.html
http://www.mozilla.org/security/announce/2010/mfsa2010-46.html
http://www.mozilla.org/security/announce/2010/mfsa2010-47.html
VuPen:
http://www.vupen.com/english/advisories/2010/1859
Secunia:
http://secunia.com/advisories/40642/
http://secunia.com/advisories/40688/
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTEgDU/OB+SpikaiRAQIiYAQAv/y9b9fOcl6cijS7lxTJjj2Tjm+VqTYH
D9Y6qQaqsKa8sIPRxCej+uTUsugnCMleKbGDi2eWGG+NcPJFkqdeF2gpacg5+y3I
umHdlIv+bKZi7Jv+oazltP2Jv7ozFT+bSw5wsCdZr18PwOIaVzasZKSmU9CR7g+p
+lNhzmYFGcg=
=Y2Oq
-----END PGP SIGNATURE-----