Alert GCSA-20107 - Aggiornamento di sicurezza per prodotti Mozilla

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




******************************************************************

alert ID: GCSA-20107
data: 20 Novembre 2020
titolo: Aggiornamento di sicurezza per prodotti Mozilla

******************************************************************

:: Descrizione del problema

Mozilla ha rilasciato nuove versioni del browser Firefox,
Firefox ESR e Thunderbird, con le quali risolve numerose
vulnerabilita' di cui alcune critiche.

Maggiori informazioni sono disponibili nelle segnalazioni
ufficiali alla sezione "Riferimenti".


:: Software interessato

Firefox versioni precedenti alla 83
Firefox ESR versioni precedenti alla 78.5
Thunderbird versioni precedenti alla 78.5


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Compromissione di un sistema


:: Soluzioni

Aggiornare Firefox e Thunderbird alle ultime versioni

https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/download/thanks/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
https://www.mozilla.org/en-US/firefox/organizations/
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/en-US/thunderbird/all/


:: Riferimenti

Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/

CSIRT Italia
https://csirt.gov.it/contenuti/corrette-vulnerabilita-in-firefox-al01-201119-csirt-ita

US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2020/11/19/mozilla-releases-security-updates-firefox-firefox-esr-and

CIS - Center of Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-firefox-and-thunderbird-could-allow-for-arbitrary-code-execution_2020-156/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26968




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert





-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX7eY8wAKCRDBnEyTZRJg
QlybAJ9DAjHMdDqsktzPTMAnHEP1eFU76ACfboa1AjcElYYsoab2zCuD44hysgI=
=rtDU
-----END PGP SIGNATURE-----