Alert-GCSA-21021 - Aggiornamenti di sicurezza per prodotti Mozilla

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1





******************************************************************

Alert ID: GCSA-21021
Data: 25 Febbraio 2021
Titolo: Aggiornamenti di sicurezza per prodotti Mozilla

******************************************************************


:: Descrizione

Mozilla ha rilasciato nuove versioni dei browser Firefox e Firefox ESR,
e del client di posta Thunderbird, con le quali vengono risolte alcune
vulnerabilita', potenzialmente sfruttabili per condurre attacchi.

Maggiori informazioni sono disponibili nelle segnalazioni
ufficiali alla sezione "Riferimenti".


:: Software interessato

Firefox versioni precedenti alla 86
Firefox ESR versioni precedenti alla 78.8
Thunderbird versioni precedenti alla 78.8


:: Impatto

Esecuzione remota di codice arbitrario
Denial of Service
Aggiramento delle restrizioni di sicurezza
Cross-Site Scripting
Rivelazione di informazioni riservate


:: Soluzione

Aggiornare i software all'ultima versione

https://www.mozilla.org/it/firefox/new/

https://www.mozilla.org/en-US/firefox/organizations/

https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/en-US/thunderbird/all/
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird


:: Riferimenti

Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/

US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/02/24/mozilla-releases-security-updates-thunderbird-firefox-esr-and

Mitre CVE
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23968
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23969
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23970
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23971
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23972
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23973
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23974
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23975
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23976
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23977
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23978
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2021-23979






GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert






-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYDehPgAKCRDBnEyTZRJg
QiBHAKCjjYHvCf0Ras6fSxJ50EuftdUB7ACfcQODYNmza0ZAAms5Md838JyqecY=
=+EEE
-----END PGP SIGNATURE-----