Mozilla Firefox 2.0.0.6 Released

Mozilla has released a security update to Firefox 2, making it the second update this month. Firefox 2.0.0.6 is available through the built-in auto-update feature or as a standalone download.

One “critical” and one “moderate” vulnerability are patched in this update. The critical update is “Unescaped URIs passed to external programs”, which is similar to the vulnerability that was found when IE 7 passed a malformed URI to Firefox.

The moderate vulnerability is “Privilege escalation through chrome-loaded about:blank windows”. This was dependent on add-ons creating about:blank windows.


Firefox 2.0.0.5 Released

Mozilla has released Firefox 2.0.0.5, which patches eight security vulnerabilities in Firefox. The previously reported vulnerability, where IE would pass a malformed URL which Firefox would then accept, is one of the eight patched vulnerabilities.

Two other vulnerabilities were rated as “critical” by the Firefox team. A critical rating means:

Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

Two vulnerabilities were rated as “high” which means:

Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.

The remaining three vulnerabilities were rated as moderate (1) or low (2).

The update will be installed through Firefox’s auto-update feature. You can force an update check by going to the Help menu and selecting “Check for Updates…”. You can also download the full version from the website and run the installation over your current installation. The update is for all languages on all operating systems.


Adobe Patches Flash Player

Adobe has issued an update to Flash Player (formerly known as Macromedia Flash Player) that patches several serious security vulnerabilities. The latest version is Flash Player 9.0.47.0. They’ve also updated the older version 7 to version 7.0.70.0.

The patch may be installed through the auto update feature of Flash Player or you can visit the About Flash Player page to see what version you have installed and download the update. You can also go directly to the Adobe Flash Player download page. If you run Flash under multiple browsers you’ll have to update the player for each browser. You’ll need to close all browser windows during the installation. The update is for Flash Player on both Windows and OS X.


Apple Adds to Patch Tuesday

Apple joins the Tuesday patch party and releases a security update for QuickTime along with a bugfix update for iTunes. The patches are for the software on both Windows and OS X.

The QuickTime update, to version 7.2, includes fixes for eight security vulnerabilities, some of which allow code execution. It also includes updates to the H.264 codec, support for full screen viewing and “numerous bug fixes”. The update requires a reboot on both Mac and Windows.

The iTunes update brings iTunes to 7.3.1 and fixes a problem with iTunes 7.3 accessing the library. No other changes are documented.

Both patches are available through Apple software update or from the Apple download page.


Microsoft Patch Tuesday for July 2007

It’s the second Tuesday of July and that means patches from Microsoft. This month brings six patches, three rated critical, two important, and one moderate. Only five of the patches (and only two of the critical patches) are for desktops. The sixth patch only affects server operating systems. Windows Vista also gets its own unique patch although it’s the one rated moderate.

Two of the patches affect Microsoft Office software:

MS07-036 is rated critical and affects all versions of Microsoft Excel from Excel 2000 on up. It also applies to the Office 2007 compatibility pack. It’s only rated critical for Excel 2000. Microsoft rates the other versions as “important”. The bulletin does not list any known issues.

MS07-037 is rated important and affects Microsoft Office Publisher 2007 only. The bulletin does not list any known issues.

One patch affects Vista only:

MS07-038 is rated moderate and affects Windows Vista, both 32-bit and 64-bit versions. This patches a vulnerability in the Windows Vista firewall that could allow an attacker to gather information about a host. There are no known issues listed in the bulletin.

One patch affects .NET:

MS07-040 is rated critical and affects .NET versions 1.x and 2.x; version 3.x is not affected. All operating systems are affected if they have a vulnerable version of .NET installed. There are no known issues listed in the bulletin.

The final desktop patch, MS07-041, is rated important and affects Microsoft Internet Information Server (IIS) when running on Windows XP SP2. Earlier versions of Windows XP may be affected but Microsoft only supports service pack 2. IIS is not installed by default on Windows XP.

The server patch is MS07-039, which addresses a vulnerability in Active Directory that’s rated critical.

The patches are available through automatic update or can be downloaded individually from Microsoft.
