Alert GCSA-10035 - Vulnerabilities in Mozilla products
******************************************************************
Alert ID : GCSA-10035
Date : 02 April 2010
Title : Multiple vulnerabilities in Mozilla products
******************************************************************
:: Problem description
Several vulnerabilities have been identified in the Mozilla products
Firefox, Thunderbird and SeaMonkey which, if exploited, could
allow a remote attacker to manipulate and disclose
information, bypass security restrictions or compromise
a vulnerable system.
:: Affected software
Mozilla Firefox versions prior to 3.6.2
Mozilla Firefox versions prior to 3.5.9
Mozilla Firefox versions prior to 3.0.19
Mozilla Thunderbird versions prior to 3.0.4
Mozilla SeaMonkey versions prior to 2.0.4
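The list above gives one fixed release per maintained Firefox branch, so an inventory check has to compare each installed version against the fix for its own branch rather than against 3.6.2 alone. The following is an added example, not part of the original advisory; the function names and the inventory records are hypothetical, and treating branches the advisory does not list as affected when they are older than the newest fixed release is an assumption.

```python
import re

# Fixed releases per product, taken from the advisory's affected-software list.
FIXED = {
    "firefox": [(3, 0, 19), (3, 5, 9), (3, 6, 2)],
    "thunderbird": [(3, 0, 4)],
    "seamonkey": [(2, 0, 4)],
}

def parse_version(text):
    """Turn '3.5.8' or '2.0.0.20' into a tuple of ints; reject anything else."""
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_affected(product, version):
    """True if the installed version predates the fix for its branch."""
    fixed = FIXED[product.lower()]
    installed = parse_version(version)
    for fix in fixed:
        if fix[:2] == installed[:2]:      # same major.minor branch
            return installed < fix
    # Assumption: a branch with no listed fix (e.g. 2.0.0.x) is affected
    # whenever it is older than the newest fixed release.
    return installed < max(fixed)

def audit(inventory):
    """Return the (host, product, version) records that still need updating."""
    return [rec for rec in inventory if is_affected(rec[1], rec[2])]

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "3.5.9"),        # patched, although lower than 3.6.2
    ("ws-02", "Firefox", "3.6"),          # 3.6 branch, before 3.6.2
    ("ws-03", "Firefox", "3.0.18"),
    ("ws-04", "Thunderbird", "2.0.0.24"), # branch not listed in the advisory
    ("ws-05", "SeaMonkey", "2.0.4"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} needs updating")
```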
:: Impact
Remote execution of arbitrary code
System compromise
Security bypass
Cross-site scripting attacks
Possibility of conducting phishing attacks
:: Solutions
Update Mozilla Firefox to version 3.6.2, 3.5.9 or 3.0.19:
http://www.mozilla.com/firefox/
Update Mozilla Thunderbird to version 3.0.4:
http://www.mozilla.com/thunderbird
Update Mozilla SeaMonkey to version 2.0.4:
http://www.mozilla.org/projects/seamonkey/
:: References
Mozilla:
http://www.mozilla.org/security/announce/2010/mfsa2010-16.html
http://www.mozilla.org/security/announce/2010/mfsa2010-17.html
http://www.mozilla.org/security/announce/2010/mfsa2010-18.html
http://www.mozilla.org/security/announce/2010/mfsa2010-19.html
http://www.mozilla.org/security/announce/2010/mfsa2010-20.html
http://www.mozilla.org/security/announce/2010/mfsa2010-21.html
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
http://www.mozilla.org/security/announce/2010/mfsa2010-23.html
http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
VuPen:
http://www.vupen.com/english/advisories/2010/0748
Secunia:
http://secunia.com/advisories/39136/
http://secunia.com/advisories/39240/
http://secunia.com/advisories/39242/
http://secunia.com/advisories/39243/
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181