New Security Issue Under Investigation
TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0. This issue is currently under investigation. To protect our users, the details of the issue … Read more
As today’s headlines confirm, there is still a lot of confusion about what happened to the Vietnamese language pack, who is impacted, and what that impact really is. First of … Read more
The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. … Read more
Firefox 2.0.0.12 is now available. This security update addresses the directory traversal issue described here and here. Details for this release are available at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12
Background on this issue is available here. Impact: An attacker can use this vulnerability to collect session information, including session cookies and session history. Firefox is not vulnerable by default. … Read more
Issue: A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present, resulting in potential information disclosure. Impact: When a chrome package is “flat” rather … Read more
Secunia released a report this week that discusses a few aspects of the security landscape for 2007. Techworld ran a story based on this report with this headline: “Red Hat … Read more
Issue: The realm value in a basic authentication dialog may be spoofed by an attacker to trick users into thinking the authentication request is coming from a different, trusted site. … Read more
Jeff Jones, a director of security strategy at Microsoft, published a report today about counting bugs. I blogged a few months ago about why I think counting bugs is less … Read more
Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3. An attacker can lure a victim to load a web page with an embedded media object or a … Read more
Issue: The jar: protocol is not restricted to Java archives and will open any zip format file. An attacker can use this to evade filtering on sites that allow users to … Read more
Firefox 2.0.0.8 was released yesterday as part of our continuing efforts to improve the security of the web browser. This security update contains fixes for security issues described here and … Read more