Alert GCSA-20086 - Aggiornamento di sicurezza per Mozilla Firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
alert ID: GCSA-20086
data: 23 settembre 2020
titolo: Aggiornamento di sicurezza per Mozilla Firefox
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox
con le quali risolve varie vulnerabilita', tre delle quali
sono di alta gravita'.
Maggiori informazioni sono disponibili nelle segnalazioni
ufficiali alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 81
Firefox ESR versioni precedenti alla 78.3
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Cross Site Scripting (XSS)
Denial of Service (DoS)
Provide Misleading Information (spoofing)
:: Soluzioni
Aggiornare Firefox alle ultime versioni
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/download/thanks/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
https://www.mozilla.org/en-US/firefox/organizations/
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/
What's new in Firefox - Release Notes
https://www.mozilla.org/en-US/firefox/81.0/releasenotes/
Threatpost
https://threatpost.com/firefox-81-release-bugs/159435/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15673
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFfawfEwZxMk2USYEIRAj3LAKDbbkJ9XXGks4qvR82TC7517pLISQCfcpu9
5FAnZ52kUAOJbO0wh32C9as=
=q4zS
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
alert ID: GCSA-20086
data: 23 settembre 2020
titolo: Aggiornamento di sicurezza per Mozilla Firefox
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox
con le quali risolve varie vulnerabilita', tre delle quali
sono di alta gravita'.
Maggiori informazioni sono disponibili nelle segnalazioni
ufficiali alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 81
Firefox ESR versioni precedenti alla 78.3
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Cross Site Scripting (XSS)
Denial of Service (DoS)
Provide Misleading Information (spoofing)
:: Soluzioni
Aggiornare Firefox alle ultime versioni
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/download/thanks/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
https://www.mozilla.org/en-US/firefox/organizations/
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/
What's new in Firefox - Release Notes
https://www.mozilla.org/en-US/firefox/81.0/releasenotes/
Threatpost
https://threatpost.com/firefox-81-release-bugs/159435/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15673
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFfawfEwZxMk2USYEIRAj3LAKDbbkJ9XXGks4qvR82TC7517pLISQCfcpu9
5FAnZ52kUAOJbO0wh32C9as=
=q4zS
-----END PGP SIGNATURE-----