Alert GCSA-25001 - Aggiornamento di sicurezza per prodotti Mozilla
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25001
Data: 14 Gennaio 2025
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e del client di posta Thunderbird con le quali risolve
alcune vulnerabilita', 2 delle quali di livello alto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 134
Firefox per iOS versioni precedenti alla 134
Firefox ESR versioni precedenti alla 128.6
Firefox ESR versioni precedenti alla 115.19
Thunderbird versioni precedenti alla 134
Thunderbird versioni precedenti alla 128.6
Thunderbird versioni precedenti alla 115.19
:: Impatto
Remote Code Execution
Denial of Service
Information Disclosure
Elevation of Privilege
Security Restriction Bypass
Spoofing
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/it/thunderbird/all/
https://www.thunderbird.net/it/thunderbird/releases/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-06/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23109
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ4YjKQ0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCcB8An1TvaqDq+qwO0fDK5xDp9H8CCE4nAJwNZ0B/2RAZ
WWhrwaaEh/unZL1xsA==
=/ypR
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25001
Data: 14 Gennaio 2025
Titolo: Aggiornamento di sicurezza per prodotti Mozilla
******************************************************************
:: Descrizione del problema
Mozilla ha rilasciato nuove versioni del browser Firefox, Firefox ESR
e del client di posta Thunderbird con le quali risolve
alcune vulnerabilita', 2 delle quali di livello alto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Firefox versioni precedenti alla 134
Firefox per iOS versioni precedenti alla 134
Firefox ESR versioni precedenti alla 128.6
Firefox ESR versioni precedenti alla 115.19
Thunderbird versioni precedenti alla 134
Thunderbird versioni precedenti alla 128.6
Thunderbird versioni precedenti alla 115.19
:: Impatto
Remote Code Execution
Denial of Service
Information Disclosure
Elevation of Privilege
Security Restriction Bypass
Spoofing
:: Soluzioni
Aggiornare Firefox all'ultima versione
https://support.mozilla.org/en-US/kb/update-firefox-latest-release
https://www.mozilla.org/it/firefox/new/
https://www.mozilla.org/it/firefox/enterprise/
https://www.mozilla.org/it/firefox/all/#product-desktop-release
Aggiornare Thunderbird all'ultima versione
https://support.mozilla.org/it/kb/aggiornamento-di-thunderbird
https://www.mozilla.org/it/thunderbird/
https://www.thunderbird.net/it/thunderbird/all/
https://www.thunderbird.net/it/thunderbird/releases/
:: Riferimenti
Mozilla Foundation Security Advisory
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-06/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23109
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ4YjKQ0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCcB8An1TvaqDq+qwO0fDK5xDp9H8CCE4nAJwNZ0B/2RAZ
WWhrwaaEh/unZL1xsA==
=/ypR
-----END PGP SIGNATURE-----