Alert GCSA-23025 - Aggiornamento di sicurezza per Mozilla Thunderbird
******************************************************************
Alert ID: GCSA-23025
Data: 21 Febbraio 2023
Titolo: Aggiornamento di sicurezza per Mozilla Thunderbird
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato una nuova versione del client di posta Thunderbird
con le quali risolve una vulnerabilita' che potrebbe essere sfruttata
da un attaccante remoto per innescare un Denial of Service,
eseguire codice arbitrario, consentire lo spoofing,
rivelare informazioni sensibili ed oltrepassare restrizioni di sicurezza
su un sistema che ne sia affetto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Thunderbird versioni precedenti alla 102.8
:: Impatto
Spoofing
Remote Code Execution
Information Disclosure
Security Restriction Bypass
Denial of Service
:: Soluzioni
Aggiornare Thunderbird all'ultima versione
Thunderbird 102.8
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/en-US/thunderbird/all/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFj9KKewZxMk2USYEIRCCzhAKCZxHD4yXQTqNJ3g9Pk0WJW5mRefQCdFtDG
X0h/F61huKGPkfA97+S6C6M=
=u1KY
-----END PGP SIGNATURE-----
Alert ID: GCSA-23025
Data: 21 Febbraio 2023
Titolo: Aggiornamento di sicurezza per Mozilla Thunderbird
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato una nuova versione del client di posta Thunderbird
con le quali risolve una vulnerabilita' che potrebbe essere sfruttata
da un attaccante remoto per innescare un Denial of Service,
eseguire codice arbitrario, consentire lo spoofing,
rivelare informazioni sensibili ed oltrepassare restrizioni di sicurezza
su un sistema che ne sia affetto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Thunderbird versioni precedenti alla 102.8
:: Impatto
Spoofing
Remote Code Execution
Information Disclosure
Security Restriction Bypass
Denial of Service
:: Soluzioni
Aggiornare Thunderbird all'ultima versione
Thunderbird 102.8
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/en-US/thunderbird/all/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFj9KKewZxMk2USYEIRCCzhAKCZxHD4yXQTqNJ3g9Pk0WJW5mRefQCdFtDG
X0h/F61huKGPkfA97+S6C6M=
=u1KY
-----END PGP SIGNATURE-----