Alert GCSA-25029 - Aggiornamento di sicurezza per prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25029
Data: 6 Marzo 2025
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e del client di posta Thunderbird, Thunderbird ESR con le quali risolve
vulnerabilita' multiple, di cui 2 di gravita' "critica".
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 136
Firefox ESR versioni precedenti alla 128.8
Firefox ESR versioni precedenti alla 115.21
Thunderbird versioni precedenti alla 132
Thunderbird ESR versioni precedenti alla 128.8
:: Impatto
Remote Code Execution
Privilege Escalation
Denial of Service
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/it/thunderbird/all/
https://www.thunderbird.net/it/thunderbird/releases/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-17/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/
CSIRT Italia
https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-prodotti-mozilla-2
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1943
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ8mOqgAKCRDBnEyTZRJg
QvZJAJ9og+b/WKUcoGMU+tHDQ/5p7cw6awCeIABzqCrJ77rwhwYqRSk2O9XSHBE=
=chfz
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25029
Data: 6 Marzo 2025
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e del client di posta Thunderbird, Thunderbird ESR con le quali risolve
vulnerabilita' multiple, di cui 2 di gravita' "critica".
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 136
Firefox ESR versioni precedenti alla 128.8
Firefox ESR versioni precedenti alla 115.21
Thunderbird versioni precedenti alla 132
Thunderbird ESR versioni precedenti alla 128.8
:: Impatto
Remote Code Execution
Privilege Escalation
Denial of Service
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/it/thunderbird/all/
https://www.thunderbird.net/it/thunderbird/releases/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-17/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/
CSIRT Italia
https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-prodotti-mozilla-2
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1943
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ8mOqgAKCRDBnEyTZRJg
QvZJAJ9og+b/WKUcoGMU+tHDQ/5p7cw6awCeIABzqCrJ77rwhwYqRSk2O9XSHBE=
=chfz
-----END PGP SIGNATURE-----