Alert GCSA-11033 - Vulnerabilita' multiple nei prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11033
Data : 29 Aprile 2011
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti Mozilla
Firefox, Thunderbird e SeaMonkey che se sfruttate potrebbero
permettere ad un attaccante remoto di manipolare e divulgare
informazioni, scavalcare le restrizioni di sicurezza o compromettere
un sistema vulnerabile.
:: Software interessato
Mozilla Firefox versioni precedenti alla 3.5.19
Mozilla Firefox versioni precedenti alla 3.6.17
Mozilla Firefox versioni precedenti alla 4.0.1
Mozilla Thunderbird versioni precedenti alla 3.1.10
Mozilla SeaMonkey versioni precedenti alla 2.0.14
:: Impatto
Esecuzione remota di codice arbitrario
Security Bypass
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.17 o 3.5.19 o 4.0.1:
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 3.1.10 :
http://www.mozilla.com/thunderbird
Aggiornare Mozilla SeaMonkey alla versione 2.0.14 :
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Foundation Security Advisory
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
http://www.mozilla.org/security/announce/2011/mfsa2011-13.html
http://www.mozilla.org/security/announce/2011/mfsa2011-14.html
http://www.mozilla.org/security/announce/2011/mfsa2011-15.html
http://www.mozilla.org/security/announce/2011/mfsa2011-16.html
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
http://www.mozilla.org/security/announce/2011/mfsa2011-18.html
Secunia
http://secunia.com/advisories/44357
http://secunia.com/advisories/44407
http://secunia.com/advisories/44406
Securityfocus
http://www.securityfocus.com/bid/47635
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTbq36POB+SpikaiRAQLuQwQAvhsYWhrUpxYWoTFp61A6jk3zgBlFiPQ0
aBj5PbrDEvm8U5EKPYj9aG4NrUjinnGjvFHOIUBllxaNCOAvm86ckJByD2EoQrzF
U05t+KJKjsOXQRMvDeDbDLJE+HPckaCPkTyOukVt/+ru93rpA3WANpTsFmYv2anQ
ElTgbA5QLOY=
=Qd2b
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11033
Data : 29 Aprile 2011
Titolo : Vulnerabilita' multiple nei prodotti Mozilla
******************************************************************
:: Descrizione del problema
Sono state individuate varie vulnerabilita' nei prodotti Mozilla
Firefox, Thunderbird e SeaMonkey che se sfruttate potrebbero
permettere ad un attaccante remoto di manipolare e divulgare
informazioni, scavalcare le restrizioni di sicurezza o compromettere
un sistema vulnerabile.
:: Software interessato
Mozilla Firefox versioni precedenti alla 3.5.19
Mozilla Firefox versioni precedenti alla 3.6.17
Mozilla Firefox versioni precedenti alla 4.0.1
Mozilla Thunderbird versioni precedenti alla 3.1.10
Mozilla SeaMonkey versioni precedenti alla 2.0.14
:: Impatto
Esecuzione remota di codice arbitrario
Security Bypass
:: Soluzioni
Aggiornare Mozilla Firefox alle versioni 3.6.17 o 3.5.19 o 4.0.1:
http://www.mozilla.com/firefox/
Aggiornare Mozilla Thunderbird alla versione 3.1.10 :
http://www.mozilla.com/thunderbird
Aggiornare Mozilla SeaMonkey alla versione 2.0.14 :
http://www.mozilla.org/projects/seamonkey/
:: Riferimenti
Mozilla Foundation Security Advisory
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
http://www.mozilla.org/security/announce/2011/mfsa2011-13.html
http://www.mozilla.org/security/announce/2011/mfsa2011-14.html
http://www.mozilla.org/security/announce/2011/mfsa2011-15.html
http://www.mozilla.org/security/announce/2011/mfsa2011-16.html
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
http://www.mozilla.org/security/announce/2011/mfsa2011-18.html
Secunia
http://secunia.com/advisories/44357
http://secunia.com/advisories/44407
http://secunia.com/advisories/44406
Securityfocus
http://www.securityfocus.com/bid/47635
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTbq36POB+SpikaiRAQLuQwQAvhsYWhrUpxYWoTFp61A6jk3zgBlFiPQ0
aBj5PbrDEvm8U5EKPYj9aG4NrUjinnGjvFHOIUBllxaNCOAvm86ckJByD2EoQrzF
U05t+KJKjsOXQRMvDeDbDLJE+HPckaCPkTyOukVt/+ru93rpA3WANpTsFmYv2anQ
ElTgbA5QLOY=
=Qd2b
-----END PGP SIGNATURE-----