Alert GCSA-18098 - Aggiornamento di sicurezza per Mozilla Firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18098
Data: 14 Dicembre 2018
Titolo: Aggiornamento di sicurezza per Mozilla Firefox
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni del browser Mozilla Firefox e Mozilla
Firefox ESR che risolvono vulnerabilita' multiple potenzialmente sfruttabili
per ottenere il controllo del sistema.
:: Software interessato
Firefox versioni precedenti alla 64
Firefox ESR versioni precedenti alla 60.4
:: Impatto
Esecuzione remota di codice arbitrario
Bypass di restrizioni di sicurezza
Privilege escalation
Denial of Service
:: Soluzioni
Aggiornare Firefox all'ultima versione
Firefox 64
https://www.mozilla.org/it/firefox/new/
Firefox ESR 60.4
https://www.mozilla.org/en-US/firefox/organizations/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
CERT Nazionale
https://www.certnazionale.it/news/2018/12/12/risolte-vulnerabilita-critiche-in-mozilla-firefox-64/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2018/12/11/Mozilla-Releases-Security-Updates-Firefox
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlwTZBAACgkQwZxMk2USYELqYgCbBKsWrJiL32kDSGcg8IatNu8X
39wAoLohaZt9lcJBGcBnJ7LAcXvWujks
=2ZMv
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18098
Data: 14 Dicembre 2018
Titolo: Aggiornamento di sicurezza per Mozilla Firefox
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni del browser Mozilla Firefox e Mozilla
Firefox ESR che risolvono vulnerabilita' multiple potenzialmente sfruttabili
per ottenere il controllo del sistema.
:: Software interessato
Firefox versioni precedenti alla 64
Firefox ESR versioni precedenti alla 60.4
:: Impatto
Esecuzione remota di codice arbitrario
Bypass di restrizioni di sicurezza
Privilege escalation
Denial of Service
:: Soluzioni
Aggiornare Firefox all'ultima versione
Firefox 64
https://www.mozilla.org/it/firefox/new/
Firefox ESR 60.4
https://www.mozilla.org/en-US/firefox/organizations/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
CERT Nazionale
https://www.certnazionale.it/news/2018/12/12/risolte-vulnerabilita-critiche-in-mozilla-firefox-64/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2018/12/11/Mozilla-Releases-Security-Updates-Firefox
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlwTZBAACgkQwZxMk2USYELqYgCbBKsWrJiL32kDSGcg8IatNu8X
39wAoLohaZt9lcJBGcBnJ7LAcXvWujks
=2ZMv
-----END PGP SIGNATURE-----