Alert GCSA-18009 - Vulnerabilita' nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18009
Data: 26 Gennaio 2018
Titolo: Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni del software Mozilla, Firefox e
Thunderbird, che risolvono varie vulnerabilita' potenzialmente
sfruttabili da aggressori per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 58
Firefox versioni precedenti alla ESR 52.6
Thunderbird versioni precedenti alla 52.6
:: Impatto
Esecuzione di codice arbitrario
Accesso ad informazioni sensibili
Attacchi di tipo cross-site scripting
Spoofing di URL
Crash o denial of service
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird all'ultima versione
https://www.mozilla.org/it/thunderbird/new/
:: Riferimenti
Mozilla Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04
US-CERT
https://www.us-cert.gov/ncas/current-activity/2018/01/23/Mozilla-Releases-Security-Updates
https://www.us-cert.gov/ncas/current-activity/2018/01/25/Mozilla-Releases-Security-Update-Thunderbird
SecurityTracker.com
https://securitytracker.com/id/1040270
Debian Security Advisory
https://www.debian.org/security/2018/dsa-4096
Ubuntu Security Notice
https://usn.ubuntu.com/usn/usn-3544-1/
Threatpost
https://threatpost.com/firefox-chrome-patch-vulnerabilities-add-security-features/129658/
Riferimenti CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5122
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlpq8WwACgkQwZxMk2USYEJz3gCgyWzBXGOp7He7qOauv5gJK6E5
SRsAnRfnJFJcdPjyokjARluy9GkvBm2M
=wlvS
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18009
Data: 26 Gennaio 2018
Titolo: Vulnerabilita' nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni del software Mozilla, Firefox e
Thunderbird, che risolvono varie vulnerabilita' potenzialmente
sfruttabili da aggressori per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 58
Firefox versioni precedenti alla ESR 52.6
Thunderbird versioni precedenti alla 52.6
:: Impatto
Esecuzione di codice arbitrario
Accesso ad informazioni sensibili
Attacchi di tipo cross-site scripting
Spoofing di URL
Crash o denial of service
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird all'ultima versione
https://www.mozilla.org/it/thunderbird/new/
:: Riferimenti
Mozilla Security Advisories
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04
US-CERT
https://www.us-cert.gov/ncas/current-activity/2018/01/23/Mozilla-Releases-Security-Updates
https://www.us-cert.gov/ncas/current-activity/2018/01/25/Mozilla-Releases-Security-Update-Thunderbird
SecurityTracker.com
https://securitytracker.com/id/1040270
Debian Security Advisory
https://www.debian.org/security/2018/dsa-4096
Ubuntu Security Notice
https://usn.ubuntu.com/usn/usn-3544-1/
Threatpost
https://threatpost.com/firefox-chrome-patch-vulnerabilities-add-security-features/129658/
Riferimenti CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5122
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlpq8WwACgkQwZxMk2USYEJz3gCgyWzBXGOp7He7qOauv5gJK6E5
SRsAnRfnJFJcdPjyokjARluy9GkvBm2M
=wlvS
-----END PGP SIGNATURE-----