Alert GCSA-24027 - Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
Alert ID: GCSA-24027
Data: 22 Febbraio 2024
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e del client di posta Thunderbird con le quali risolve
13 vulnerabilita', 4 delle quali di livello alto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 123
Firefox ESR versioni precedenti alla 115.8
Thunderbird versioni precedenti alla 115.8
:: Impatto
Esecuzione da remoto di codice arbitrario (RCE)
Security Restriction Bypass
DoS
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/it/thunderbird/all/
https://www.thunderbird.net/it/thunderbird/releases/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-prodotti-mozilla-al05-240220-csirt-ita
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2024-022
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1557
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZdc/2gAKCRDBnEyTZRJg
Qq0nAKDELlDDaJqm2CaOYiJ26eTO3fWvQwCeORJyah9b5AuquYLIQUUclKXtipo=
=Z+AH
-----END PGP SIGNATURE-----
Alert ID: GCSA-24027
Data: 22 Febbraio 2024
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e del client di posta Thunderbird con le quali risolve
13 vulnerabilita', 4 delle quali di livello alto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 123
Firefox ESR versioni precedenti alla 115.8
Thunderbird versioni precedenti alla 115.8
:: Impatto
Esecuzione da remoto di codice arbitrario (RCE)
Security Restriction Bypass
DoS
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/it/thunderbird/all/
https://www.thunderbird.net/it/thunderbird/releases/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-per-prodotti-mozilla-al05-240220-csirt-ita
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2024-022
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1557
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZdc/2gAKCRDBnEyTZRJg
Qq0nAKDELlDDaJqm2CaOYiJ26eTO3fWvQwCeORJyah9b5AuquYLIQUUclKXtipo=
=Z+AH
-----END PGP SIGNATURE-----