Alert GCSA-21122 - Aggiornamento di sicurezza per prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-21122
Data: 4 Novembre 2021
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e Thunderbird con le quali risolve vulnerabilita' multiple.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 94
Firefox ESR versioni precedenti alla 91.3
Thunderbird versioni precedenti alla 91.3
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service
Spoofing
:: Soluzioni
Aggiornare i prodotti Mozilla alle ultime versioni
Firefox 94
Firefox ESR 91.3
Thunderbird 91.3
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
https://www.mozilla.org/en-US/firefox/organizations/
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
CSIRT Italia
https://csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-mozilla-firefox-al01-211103-csirt-ita
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/mozilla-releases-security-updates-firefox-firefox-esr-and
CIS - Center of Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-firefox-could-allow-for-arbitrary-code-execution_2021-142/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38510
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYYPfEgAKCRDBnEyTZRJg
Qm9uAJ9TqJCnzUaKYt40GCUuWtd8GWqJPwCcDBjiU49iMqZncyih5yY+ruTFbCo=
=xZ4m
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-21122
Data: 4 Novembre 2021
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e Thunderbird con le quali risolve vulnerabilita' multiple.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 94
Firefox ESR versioni precedenti alla 91.3
Thunderbird versioni precedenti alla 91.3
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service
Spoofing
:: Soluzioni
Aggiornare i prodotti Mozilla alle ultime versioni
Firefox 94
Firefox ESR 91.3
Thunderbird 91.3
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
https://www.mozilla.org/en-US/firefox/organizations/
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
CSIRT Italia
https://csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-mozilla-firefox-al01-211103-csirt-ita
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/mozilla-releases-security-updates-firefox-firefox-esr-and
CIS - Center of Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-firefox-could-allow-for-arbitrary-code-execution_2021-142/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38510
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYYPfEgAKCRDBnEyTZRJg
Qm9uAJ9TqJCnzUaKYt40GCUuWtd8GWqJPwCcDBjiU49iMqZncyih5yY+ruTFbCo=
=xZ4m
-----END PGP SIGNATURE-----