Window Snyder
Jeff Jones, a director of security strategy at Microsoft published a report today about counting bugs. I blogged a few months ago about why I think counting bugs is less than useful: Since all software has bugs, it’s more important … Continue reading
Window Snyder
Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3. An attacker can lure a victim to load a web page with an embedded media object or a file in an email, triggering a bounds checking error in … Continue reading
Window Snyder
Issue jar: protocol is not restricted to java archives and will open any zip format file. An attacker can use this to evade filtering on sites that allow users to upload content and use this initiate a cross site scripting … Continue reading
Window Snyder
Firefox 2.0.0.8 was released yesterday as part of our continuing efforts to improve the security of the web browser. This security update contains fixes for security issues described here and an additional mitigation for Windows URI handling security issues. Please … Continue reading
Window Snyder
How can Mozilla be open about security issues without exposing users to additional risk? Being open about security issues means that users have the information they need to understand their risk, that the community can contribute to the security process, … Continue reading
Window Snyder
Firefox 2.0.0.7 was released this afternoon to patch the QuickTime issue described here. This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple. I would like to personally thank the individuals at … Continue reading
Window Snyder
Issue Petko D. Petkov identified an issue in Quicktime that allows an attacker to execute arbitrary code. Impact If Firefox is the default browser when a user plays a malicious media file handled by Quicktime, an attacker can use a … Continue reading
Window Snyder
Time again to rally the infosec professionals for drinks at O’Neill’s. See you there. http://www.sockpuppet.org/baysec/
Window Snyder
Claudio Santambrogio at Opera posted that they have been running the Mozilla JavaScript fuzzer and as of Friday have found and fixed 4 issues with it. I am thrilled. This is exactly what we hoped would happen. Hopefully, this will … Continue reading
Window Snyder
Mike Shaver (Director of Ecosystem Development at Mozilla) handed his business card to Robert Hansen (RSnake) on Wednesday night at Black Hat. On it he wrote “ten f—ing days.” When I asked him about it, he said he meant to … Continue reading