New Security Issue Under Investigation

TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0.  This issue is currently under investigation.  To protect our users, the details of the issue … Read more

Firefox is now available

Firefox is now available. This security update addresses the directory traversal issue described here and here. Details for this release are available at:

chrome protocol directory traversal

Issue A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure. Impact When a chrome package is “flat” rather … Read more

BasicAuth dialog realm value spoofing

Issue The realm value in a basic authentication dialog may be spoofed by a attacker to trick users into thinking the authentication request is coming from a different, trusted site. … Read more

Vulnerability in Apple QuickTime

Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3.  An attacker can lure a victim to load a web page with an embedded media object or a … Read more

jar: Protocol XSS Security Issues

Issue jar: protocol is not restricted to java archives and will open any zip format file. An attacker can use this to evade filtering on sites that allow users to … Read more