Alert GCSA-22083 - Aggiornamento di sicurezza per Mozilla Firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-22083
Data: 27 Luglio 2022
Titolo: Aggiornamento di sicurezza per Mozilla Firefox
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato una nuova versione del browser Firefox
con la quale risolve varie vulnerabilita', alcune delle quali di livello
elevato.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 103
Firefox ESR versioni precedenti alla 91.12
Firefox ESR versioni precedenti alla 102.1
:: Impatto
Denial of Service (DoS)
Esecuzione remota di codice arbitrario (RCE)
Bypass delle restrizioni di sicurezza (SRB)
Accesso a dati riservati (ID)
Provide Misleading Information (spoofing)
Manipolazione di dati (DM)
:: Soluzioni
Aggiornare Firefox all'ultima versione
Firefox 103
Firefox ESR 91.12
Firefox ESR 102.1
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/organizations/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-28
https://www.mozilla.org/en-US/security/advisories/mfsa2022-29
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30
Firefox - Release Notes
https://www.mozilla.org/en-US/firefox/103.0/releasenotes/
https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
https://www.mozilla.org/en-US/firefox/102.1.0/releasenotes/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36320
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFi4O4hwZxMk2USYEIRCGugAJ4g5svCWlqb0a8CxspmeyOXz/8XuACbByCU
B2SwjPpFT99AeDFTEt/vcSY=
=2DSb
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-22083
Data: 27 Luglio 2022
Titolo: Aggiornamento di sicurezza per Mozilla Firefox
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato una nuova versione del browser Firefox
con la quale risolve varie vulnerabilita', alcune delle quali di livello
elevato.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 103
Firefox ESR versioni precedenti alla 91.12
Firefox ESR versioni precedenti alla 102.1
:: Impatto
Denial of Service (DoS)
Esecuzione remota di codice arbitrario (RCE)
Bypass delle restrizioni di sicurezza (SRB)
Accesso a dati riservati (ID)
Provide Misleading Information (spoofing)
Manipolazione di dati (DM)
:: Soluzioni
Aggiornare Firefox all'ultima versione
Firefox 103
Firefox ESR 91.12
Firefox ESR 102.1
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/organizations/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-28
https://www.mozilla.org/en-US/security/advisories/mfsa2022-29
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30
Firefox - Release Notes
https://www.mozilla.org/en-US/firefox/103.0/releasenotes/
https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
https://www.mozilla.org/en-US/firefox/102.1.0/releasenotes/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36320
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFi4O4hwZxMk2USYEIRCGugAJ4g5svCWlqb0a8CxspmeyOXz/8XuACbByCU
B2SwjPpFT99AeDFTEt/vcSY=
=2DSb
-----END PGP SIGNATURE-----