Alert GCSA-24060 - Aggiornamento di sicurezza per prodotti Mozilla Firefox


******************************************************************

Alert ID: GCSA-24060
Data: 18 Aprile 2024
Titolo: Aggiornamento di sicurezza per prodotti Mozilla Firefox

******************************************************************

:: Descrizione del problema

Mozilla ha rilasciato nuove versioni del browser Firefox,
con le quali risolve alcune vulnerabilita' che potrebbero essere sfruttate
da un attaccante remoto per eseguire codice arbitrario,
oltrepassare restrizioni di sicurezza ed innescare condizioni di
Denial of Service su un sistema che ne sia affetto

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Firefox versioni precedenti alla 125
Firefox ESR versioni precedenti alla 115.10


:: Impatto

Remote Code Execution
Denial of Service
Security Restriction Bypass


:: Soluzioni

Aggiornare Firefox all'ultima versione

https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release


:: Riferimenti

Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3865


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZiDXfw0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCTMkAnRXidIsdrkEkVNi6r+ssyLuzg0/aAJ9GRc683+9O
QJxxJdTauWcQX5kHcw==
=BZ9Q
-----END PGP SIGNATURE-----