Vulnerability in Apple QuickTime
Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3. An attacker can lure a victim to load a web page with an embedded media object or a …
Issue: The jar: protocol is not restricted to Java archives and will open any zip format file. An attacker can use this to evade filtering on sites that allow users to …
Firefox 2.0.0.8 was released yesterday as part of our continuing efforts to improve the security of the web browser. This security update contains fixes for security issues described here and …
How can Mozilla be open about security issues without exposing users to additional risk? Being open about security issues means that users have the information they need to understand their …
Firefox 2.0.0.7 was released this afternoon to patch the QuickTime issue described here. This will protect Firefox users from the public critical security vulnerability until a patch is available from …
Issue: Petko D. Petkov identified an issue in QuickTime that allows an attacker to execute arbitrary code. Impact: If Firefox is the default browser when a user plays a malicious …
Time again to rally the infosec professionals for drinks at O’Neill’s. See you there. http://www.sockpuppet.org/baysec/
Claudio Santambrogio at Opera posted that they have been running the Mozilla JavaScript fuzzer and as of Friday have found and fixed 4 issues with it. I am thrilled. This …
Mike Shaver (Director of Ecosystem Development at Mozilla) handed his business card to Robert Hansen (RSnake) on Wednesday night at Black Hat. On it he wrote “ten f—ing days.” When …
Mike Shaver and I just finished presenting “Building and Breaking the Browser” at Black Hat today in Las Vegas. We discussed the methods and tools that Mozilla uses to secure the Firefox …
I’m heading to Las Vegas tomorrow for the Black Hat Briefings. If you’re in town you can catch me speaking on Thursday morning on Building and Breaking the Browser. You …
We’ve just released Firefox 2.0.0.6 which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external …