Alert GCSA-23007 - Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
Alert ID: GCSA-23007
data: 20 Gennaio 2023
titolo: Aggiornamento di sicurezza per Mozilla Firefox e Firefox ESR
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox e Firefox ESR
con le quali risolve varie vulnerabilita', di cui 5 con gravita' "alta".
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 109
Firefox ESR 102.x versioni precedenti alla 102.7
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Accesso a dati riservati (ID)
Arbitrary File Read
Spoofing
:: Soluzioni
Aggiornare Firefox all'ultima versione
Firefox 109
Firefox ESR 102.7
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/organizations/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-prodotti-mozilla-al06-230118-csirt-ita
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-firefox-could-allow-for-arbitrary-code-execution_2023-008
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23606
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEAREIAAYFAmPKbbEACgkQwZxMk2USYEKWNQCeIlcIppIXMGvJNbq6/tCkkNAR
QlwAn2X5rMpTBtOU3RN+vlxQGU82ON+1
=dasK
-----END PGP SIGNATURE-----
Alert ID: GCSA-23007
data: 20 Gennaio 2023
titolo: Aggiornamento di sicurezza per Mozilla Firefox e Firefox ESR
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox e Firefox ESR
con le quali risolve varie vulnerabilita', di cui 5 con gravita' "alta".
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 109
Firefox ESR 102.x versioni precedenti alla 102.7
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Accesso a dati riservati (ID)
Arbitrary File Read
Spoofing
:: Soluzioni
Aggiornare Firefox all'ultima versione
Firefox 109
Firefox ESR 102.7
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/organizations/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-prodotti-mozilla-al06-230118-csirt-ita
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-firefox-could-allow-for-arbitrary-code-execution_2023-008
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23606
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEAREIAAYFAmPKbbEACgkQwZxMk2USYEKWNQCeIlcIppIXMGvJNbq6/tCkkNAR
QlwAn2X5rMpTBtOU3RN+vlxQGU82ON+1
=dasK
-----END PGP SIGNATURE-----