Alert GCSA-23049 - Aggiornamenti di sicurezza per prodotti Mozilla
******************************************************************
Alert ID: GCSA-23049
data: 13 Aprile 2023
titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni dei prodotti Firefox, Firefox ESR,
Thunderbird, con le quali risolve moltepplici vulnerabilita',
8 delle quali di livello elevato.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox, nelle versioni precedenti la 112
Firefox ESR 102.x, nelle versioni precedenti la 102.10
Thunderbird 102.x, nelle versioni precedenti la 102.10
::Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Provide Misleading Information (spoofing)
:: Soluzioni
Aggiornare Firefox alla versione piu' recente
Firefox 102.10
Firefox ESR 102.10
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/organizations/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
Thunderbird 102.10
https://www.thunderbird.net/it/
https://www.thunderbird.net/en-US/thunderbird/all/
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-prodotti-mozilla-al03-230412-csirt-ita
CISA
https://www.cisa.gov/news-events/alerts/2023/04/11/mozilla-releases-security-advisories-multiple-products
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2023-037
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29551
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZDfN0gAKCRDBnEyTZRJg
QrZmAJ9RU3mw6B77XEfMQrFOtNMd60OhdQCeOlCeryYHkPJ/h1+E/z4e3v55kzk=
=h0vh
-----END PGP SIGNATURE-----
Alert ID: GCSA-23049
data: 13 Aprile 2023
titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni dei prodotti Firefox, Firefox ESR,
Thunderbird, con le quali risolve moltepplici vulnerabilita',
8 delle quali di livello elevato.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox, nelle versioni precedenti la 112
Firefox ESR 102.x, nelle versioni precedenti la 102.10
Thunderbird 102.x, nelle versioni precedenti la 102.10
::Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Provide Misleading Information (spoofing)
:: Soluzioni
Aggiornare Firefox alla versione piu' recente
Firefox 102.10
Firefox ESR 102.10
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/en-US/firefox/organizations/
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
Thunderbird 102.10
https://www.thunderbird.net/it/
https://www.thunderbird.net/en-US/thunderbird/all/
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-prodotti-mozilla-al03-230412-csirt-ita
CISA
https://www.cisa.gov/news-events/alerts/2023/04/11/mozilla-releases-security-advisories-multiple-products
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2023-037
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29551
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZDfN0gAKCRDBnEyTZRJg
QrZmAJ9RU3mw6B77XEfMQrFOtNMd60OhdQCeOlCeryYHkPJ/h1+E/z4e3v55kzk=
=h0vh
-----END PGP SIGNATURE-----