Descrizione del problema
Mozilla ha pubblicato un security advisory relativo
ad alcune vulnerabilita’ presenti nel browser Firefox.
:: Piattaforme e Software interessati
Firefox versioni precedenti alla 3.0.2
:: Impatto
Security restrictions bypass
Exposure of system information
Exposure of sensitive information
System access
DoS
:: Soluzione
Aggiornare Firefox alla versione 3.0.2
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozilla.com/en-US/firefox/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
http://www.mozilla.org/security/announce/2008/mfsa2008-40.html
http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
Mitre’s CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/31346
Secunia
http://secunia.com/advisories/32011/
FrSIRT
http://www.frsirt.com/english/advisories/2008/2661
Red Hat
https://rhn.redhat.com/errata/RHSA-2008-0879.html
Ubuntu
http://www.ubuntu.com/usn/usn-645-1
http://www.ubuntu.com/usn/usn-645-2