Alert GCSA-20002 - Security update for Mozilla Firefox and Firefox ESR
*********************************************************************
Alert ID: GCSA-20002
Date: 09 January 2020
Title: Security update for Mozilla Firefox and Firefox ESR
*********************************************************************
:: Problem description
Multiple vulnerabilities have been found in Mozilla Firefox and
Mozilla Firefox ESR that could be exploited by a remote attacker
to cause denial-of-service conditions, bypass security restrictions
and disclose sensitive information on an affected system.
In addition, a few hours later, Mozilla released a further
security update, rated critical.
:: Affected software
Firefox versions earlier than 72.0.1
Firefox ESR versions earlier than 68.4.1
:: Impact
Denial of Service
Security Restriction Bypass
Information Disclosure
:: Solutions
Update Firefox to the latest version.
Firefox
https://www.mozilla.org/it/firefox/new/
Firefox ESR
https://www.mozilla.org/en-US/firefox/organizations/
:: References
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
CERT Nazionale
https://www.certnazionale.it/news/2020/01/08/risolte-gravi-vulnerabilita-in-mozilla-firefox-72/
CERT-PA
https://www.cert-pa.it/notizie/mozilla-e-google-rilasciano-nuovi-aggiornamenti-e-coreggono-diverse-vulnerabilita-nei-rispettivi-browser/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-releases-security-updates-firefox-and-firefox-esr
https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-patches-critical-vulnerability
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17025
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert