Firefox 3.0.2

Firefox 3.0.2 is out with 5 associated security vulnerabilities.

MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag

Firefox 2.0.16 and 3.0.1 released

Firefox 2.0.16 and 3.0.1 are out to fix the following security vulnerabilities.

MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
MFSA 2008-34 Remote code execution by overflowing CSS reference counter

UPDATE – looks like 3.0.1 isn’t out just yet. Keep your eyes open for it.

http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

Firefox 2.0.15

Firefox 2.0.15 is out today. This update fixes 12 security vulnerabilities, 3 of which are described as critical. To update, open Firefox, select Help and Check for Updates, or install Firefox 3.

Iconix Phishing Protection

A couple days ago I received email from PayPal titled “New PayPal Plug-In – Shop anywhere online.” That struck me as kind of suspicious so I looked at the mail headers. The headers showed the message did originate with PayPal’s servers, and more importantly it contained a domain key (DKIM). According to Wikipedia, “DomainKeys is …


New Adobe Flash Vulnerability

There were multiple reports today of an unpatched Adobe Flash vulnerability currently being exploited. Symantec Bugtraq reports that this exploitation is fairly widespread. SQL injection has been used to insert code onto otherwise legitimate websites that results in malware loading to exploit Flash. Not a lot to be done. You could crawl into the Firefox/noscript cave. I’d …


Secunia Personal Software Inspector 0.9.0.1

Secunia has released Personal Software Inspector (PSI) 0.9.0.1. As I’ve blogged about before, Secunia PSI is software for the home user that reports software that is vulnerable or no longer updated by the manufacturer. The change log here lists a few interesting improvements. Improved intelligence to make it even easier for non-technical users to patch …
