Alert GCSA-07050 - Vulnerabilita' multiple nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-07050
Data : 31 Maggio 2007
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti
Mozilla Firefox, Thunderbird e SeaMonkey.
Queste vulnerabilita' possono essere sfruttate da
un aggressore remoto per provocare vari tipi di danno
fino ad ottenere il completo controllo del sistema.
:: Piattaforme, software o moduli interessati
Mozilla Firefox versioni precedenti alla 2.0.0.4
Mozilla Firefox versioni precedenti alla 1.5.0.12
Mozilla Thunderbird versioni precedenti alla 2.0.0.4
Mozilla Thunderbird versioni precedenti alla 1.5.0.12
Mozilla SeaMonkey versioni precedenti alla 1.0.9
Mozilla SeaMonkey versioni precedenti alla 1.1.2
RedHat Enterprise Linux AS, ES, WS
:: Impatto
Le vulnerabilita' individuate potrebbero permettere
ad un aggressore le seguenti attivita':
* Spoofing
* Denial of service
* Bypass di restizioni di sicurezza
* Accesso ad informazioni sensibili
* Accesso e controllo completo del sistema
:: Soluzione
Aggiornare i prodotti alle ultime versioni:
Firefox 2.0.0.4 o 1.5.0.12
http://www.mozilla.com/firefox/
Thunderbird 2.0.0.4 o 1.5.0.12
http://www.mozilla.com/thunderbird/
SeaMonkey 1.0.9 or 1.1.2
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
http://www.mozilla.org/security/announce/2007/mfsa2007-13.html
http://www.mozilla.org/security/announce/2007/mfsa2007-14.html
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
http://www.mozilla.org/security/announce/2007/mfsa2007-16.html
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Mitre's CVE ID
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
FrSirt:
http://www.frsirt.com/english/advisories/2007/1994
Secunia
http://secunia.com/advisories/25469/
http://secunia.com/advisories/25488/
http://secunia.com/advisories/25489/
Redhat
http://rhn.redhat.com/errata/RHSA-2007-0400.html
http://rhn.redhat.com/errata/RHSA-2007-0401.html
http://rhn.redhat.com/errata/RHSA-2007-0402.html
SecurityFocus Bugtraq ID
http://www.securityfocus.com/bid/22879
-----BEGIN PGP SIGNATURE-----
iQCVAwUBRl7VSPOB+SpikaiRAQIuhgQAofqcbX7v6/A7hdzCNLqOS6IhdzQQ945Z
++JZu5a+ml+qQdBfvCSBXdBw+UJR6Z4Oegp7Z5xrdTAugOJfN7/It8gQS2Kdh9cV
ZiaqZX2coVxTdyszcdexrxDSf139HJZDCQK3T8cUT00kizMe3ph5477OmiL3XxN0
4izYqvsUJdM=
=B3LL
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-07050
Data : 31 Maggio 2007
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti
Mozilla Firefox, Thunderbird e SeaMonkey.
Queste vulnerabilita' possono essere sfruttate da
un aggressore remoto per provocare vari tipi di danno
fino ad ottenere il completo controllo del sistema.
:: Piattaforme, software o moduli interessati
Mozilla Firefox versioni precedenti alla 2.0.0.4
Mozilla Firefox versioni precedenti alla 1.5.0.12
Mozilla Thunderbird versioni precedenti alla 2.0.0.4
Mozilla Thunderbird versioni precedenti alla 1.5.0.12
Mozilla SeaMonkey versioni precedenti alla 1.0.9
Mozilla SeaMonkey versioni precedenti alla 1.1.2
RedHat Enterprise Linux AS, ES, WS
:: Impatto
Le vulnerabilita' individuate potrebbero permettere
ad un aggressore le seguenti attivita':
* Spoofing
* Denial of service
* Bypass di restizioni di sicurezza
* Accesso ad informazioni sensibili
* Accesso e controllo completo del sistema
:: Soluzione
Aggiornare i prodotti alle ultime versioni:
Firefox 2.0.0.4 o 1.5.0.12
http://www.mozilla.com/firefox/
Thunderbird 2.0.0.4 o 1.5.0.12
http://www.mozilla.com/thunderbird/
SeaMonkey 1.0.9 or 1.1.2
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
http://www.mozilla.org/security/announce/2007/mfsa2007-13.html
http://www.mozilla.org/security/announce/2007/mfsa2007-14.html
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
http://www.mozilla.org/security/announce/2007/mfsa2007-16.html
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Mitre's CVE ID
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
FrSirt:
http://www.frsirt.com/english/advisories/2007/1994
Secunia
http://secunia.com/advisories/25469/
http://secunia.com/advisories/25488/
http://secunia.com/advisories/25489/
Redhat
http://rhn.redhat.com/errata/RHSA-2007-0400.html
http://rhn.redhat.com/errata/RHSA-2007-0401.html
http://rhn.redhat.com/errata/RHSA-2007-0402.html
SecurityFocus Bugtraq ID
http://www.securityfocus.com/bid/22879
-----BEGIN PGP SIGNATURE-----
iQCVAwUBRl7VSPOB+SpikaiRAQIuhgQAofqcbX7v6/A7hdzCNLqOS6IhdzQQ945Z
++JZu5a+ml+qQdBfvCSBXdBw+UJR6Z4Oegp7Z5xrdTAugOJfN7/It8gQS2Kdh9cV
ZiaqZX2coVxTdyszcdexrxDSf139HJZDCQK3T8cUT00kizMe3ph5477OmiL3XxN0
4izYqvsUJdM=
=B3LL
-----END PGP SIGNATURE-----