Alert GCSA-12063 - Vulnerabilities in Mozilla products
******************************************************************
Alert ID : GCSA-12063
Date : 10 October 2012
Title : Vulnerabilities in Mozilla products
******************************************************************
:: Problem description
Multiple vulnerabilities have been found in the Mozilla Firefox,
Thunderbird and SeaMonkey products that could be exploited by
remote and local attackers to conduct spoofing and cross-site
scripting attacks, obtain sensitive information, bypass certain
security restrictions and compromise an affected system.
:: Affected software
Mozilla SeaMonkey versions prior to 2.13
Mozilla Firefox versions prior to 16
Mozilla Thunderbird versions prior to 16
Mozilla Firefox 10.x versions prior to 10.0.8
Mozilla Thunderbird 10.x versions prior to 10.0.8
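An inventory check against the affected-version ranges listed above, added here as an example and not part of the original advisory. The function names, host names and installed versions are hypothetical and constructed; only the version thresholds come from the list above.

```python
import re

# Fixed versions taken from the affected-software list of this advisory.
# product -> (mainline fixed version, 10.x branch fixed version or None)
FIXED = {
    "firefox": ((16,), (10, 0, 8)),
    "thunderbird": ((16,), (10, 0, 8)),
    "seamonkey": ((2, 13), None),
}

# Constructed sample inventory: host names and versions are made up.
INVENTORY = [
    ("ws-01", "Firefox", "15.0.1"),
    ("ws-02", "Firefox", "10.0.7esr"),
    ("ws-03", "Firefox", "10.0.8esr"),
    ("ws-04", "Thunderbird", "16.0"),
    ("ws-05", "SeaMonkey", "2.12.1"),
]

def parse_version(text):
    """Turn '10.0.7esr' into (10, 0, 7), dropping any non-numeric suffix."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)

def is_affected(product, version):
    """True if the installed version is in a range the advisory lists."""
    mainline, branch10 = FIXED[product.lower()]
    v = parse_version(version)
    # The 10.x branch has its own fixed release (10.0.8), so a 10.x
    # install is compared with that and not with the mainline fix.
    if branch10 is not None and v[0] == 10:
        return v < branch10
    return v < mainline

def hosts_to_update(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

if __name__ == "__main__":
    for host, product, version in hosts_to_update(INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

Pre-release suffixes such as `16.0b3` are stripped and compare as the release number, so beta builds should be reviewed by hand.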
:: Impact
Remote arbitrary code execution
System access
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
:: Solutions
Update Mozilla Firefox to version 16
Update Mozilla Firefox 10.x to version 10.0.8
http://www.mozilla.com/firefox/
Update Mozilla Thunderbird to version 15
Update Mozilla Thunderbird 10.x to version 10.0.8
http://www.mozilla.org/thunderbird/
Update Mozilla SeaMonkey to version 2.13
http://www.seamonkey-project.org/
:: References
Mozilla Security Advisory
https://www.mozilla.org/security/known-vulnerabilities/
https://www.mozilla.org/security/announce/2012/mfsa2012-74.html
https://www.mozilla.org/security/announce/2012/mfsa2012-75.html
https://www.mozilla.org/security/announce/2012/mfsa2012-76.html
https://www.mozilla.org/security/announce/2012/mfsa2012-77.html
https://www.mozilla.org/security/announce/2012/mfsa2012-78.html
https://www.mozilla.org/security/announce/2012/mfsa2012-79.html
https://www.mozilla.org/security/announce/2012/mfsa2012-80.html
https://www.mozilla.org/security/announce/2012/mfsa2012-81.html
https://www.mozilla.org/security/announce/2012/mfsa2012-82.html
https://www.mozilla.org/security/announce/2012/mfsa2012-83.html
https://www.mozilla.org/security/announce/2012/mfsa2012-84.html
https://www.mozilla.org/security/announce/2012/mfsa2012-85.html
https://www.mozilla.org/security/announce/2012/mfsa2012-86.html
https://www.mozilla.org/security/announce/2012/mfsa2012-87.html
Secunia
http://secunia.com/advisories/50856/
http://secunia.com/advisories/50936/
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2012-1350.html
https://rhn.redhat.com/errata/RHSA-2012-1351.html
Ubuntu Security Advisory
http://www.ubuntu.com/usn/usn-1600-1/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982