New Security Issue Under Investigation

TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0.  This issue is currently under investigation.  To protect our users, the details of the issue … Read more

Firefox 2.0.0.12 is now available

Firefox 2.0.0.12 is now available. This security update addresses the directory traversal issue described here and here. Details for this release are available at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12

chrome protocol directory traversal

Issue A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure. Impact When a chrome package is “flat” rather … Read more

BasicAuth dialog realm value spoofing

Issue The realm value in a basic authentication dialog may be spoofed by a attacker to trick users into thinking the authentication request is coming from a different, trusted site. … Read more

Vulnerability in Apple QuickTime

Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3.  An attacker can lure a victim to load a web page with an embedded media object or a … Read more

jar: Protocol XSS Security Issues

Issue jar: protocol is not restricted to java archives and will open any zip format file. An attacker can use this to evade filtering on sites that allow users to … Read more

Firefox 2.0.0.8 now available

Firefox 2.0.0.8 was released yesterday as part of our continuing efforts to improve the security of the web browser.  This security update contains fixes for security issues described here and … Read more