Malware found in Firefox Add-ons

by certifiedbug on February 5, 2010

in Browser

Security issue on AMO, according to a Mozilla alert.

Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer, were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.

Impact to users

If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.

Mozilla

In May of 2008 Mozilla admitted that a worm inside a Vietnamese language add-on had gone undetected for months.

Certifiedbug November 23, 2009: Vulnerabilities in Firefox extensions


Microsoft Security Advisory (980088)

by certifiedbug on February 4, 2010

in Browser

TechNet.

Vulnerability in Internet Explorer Could Allow Information Disclosure
Published: February 03, 2010

Version: 1.0

Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode, an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

At this time, we are unaware of any attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Article: http://www.microsoft.com/technet/security/advisory/980088.mspx


Reminder: Expiration of Windows 7 RC is on the horizon

February 1, 2010

Windows 7 Blog
On February 15th, people still running the Windows 7 Release Candidate (RC) will receive a notification reminding them that starting March 1st, 2010, their PC will begin experiencing bi-hourly shutdowns. These shutdowns will continue through June 1st, 2010.
On June 1st, 2010, a non-genuine experience is triggered where your wallpaper is removed and “This [...]


Google phasing out support for old browsers

January 30, 2010

The web has evolved in the last ten years, from simple text pages to rich, interactive applications including video and voice. Unfortunately, very old browsers cannot run many of these new features effectively. So to help ensure your business can use the latest, most advanced web apps, we encourage you to update your browsers as [...]


Gates Foundation Pledges $10 Billion for vaccines

January 30, 2010

In addition to the $4.5 billion that the Gates Foundation has already committed to vaccine research to date, Bill and Melinda Gates announced Friday that they will commit $10 billion over the next decade to research, development and vaccine delivery for the world’s poorest countries.
http://www.gatesfoundation.org/press-releases/Pages/decade-of-vaccines-wec-announcement-100129.aspx

Tags: Gates


Edelman on Upromise

January 21, 2010

Benjamin Edelman
January 21, 2010

Upromise Savings — At What Cost?
Upromise touts opportunities for college savings. When members shop at participating online merchants, dine at participating restaurants, or purchase selected products at retail stores, Upromise collects commissions which fund college savings accounts.
Unfortunately, the Upromise Toolbar also tracks users’ behavior in excruciating detail. In my testing, when [...]


Firefox 3.6 Released

January 21, 2010

Notable Firefox 3.6 features include:

Available in more than 70 languages – get your local version.
Support for a new type of theme called Personas, which allow users to change Firefox’s appearance with a single click.
Protection from out-of-date plugins to keep users safer as they browse.
Open, native video can now be displayed full [...]


Advance Notification for Out-of-Band Bulletin Release

January 20, 2010

The Microsoft Security Response Center (MSRC)
Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled [...]


FCC: Wireless Mic operators given six months to stop using 700MHz Spectrum Band

January 19, 2010

Under a new FCC rule, anyone who uses a wireless microphone that operates in the 700 MHz Band will have to stop operating their wireless microphone by June 12, 2010. To see if this law affects your wireless microphone, check our Manufacturers Equipment list.
Why did the FCC make this rule?
Certain wireless microphones have operated [...]


Security Advisory 979352 update will be released Out of Band

January 19, 2010

MSRC TEAM
Tuesday, January 19

Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves, and the escalating threat environment, Microsoft will release a security update out-of-band for this vulnerability.
We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an [...]
