by certifiedbug on November 13, 2008
in Browser
Mozilla has updated Firefox to version 3.0.4, fixing nine security holes.
Four Critical, two High, two Moderate, one Low.
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
MFSA 2008-47 Information stealing via local shortcut files
Security Advisories
Firefox v3.0.4 Download
by certifiedbug on October 30, 2008
in Browser
Advisory 906
Severity: Extremely Severe
Platforms: All desktop versions
When certain parameters are passed to Opera’s History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera’s configuration, allowing them to execute arbitrary code.
Note: There have been public demonstrations of this issue, which have altered Opera’s setup. Upgrading to 9.62 will not restore these settings. If you have opened any of these demonstrations, you may have to restore your settings manually. Typically, the mailto handler has been changed; it can be restored back to its correct value using Preferences - Advanced - Programs.
http://www.opera.com/support/search/view/906/
Advisory 907
Severity: Highly Severe
Platforms: All desktop versions
The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.
http://www.opera.com/support/search/view/907/
Opera 9.62 for Windows: Download
Aviv Raff On .NET A different Opera
by certifiedbug on October 22, 2008
in Browser
Advisory 903
Severity: Extremely Severe
Platforms: All desktop versions
Certain constructs are not escaped correctly by Opera’s History Search results. These can be used to inject scripts into the page, which can then be used to look through the user’s browsing history, including the contents of the pages they have visited. These may contain sensitive information.
http://www.opera.com/support/search/view/903/
Advisory 904
Severity: Highly Severe
Platforms: All desktop versions
If a link that uses a JavaScript URL triggers Opera’s Fast Forward feature, when the user activates Fast Forward, the script should run on the current page. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.
http://www.opera.com/support/search/view/904/
Advisory 905
Severity: Highly Severe
Platforms: All desktop versions
When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information.
http://www.opera.com/support/search/view/905/
Opera 9.61 for Windows: Download
by certifiedbug on October 17, 2008
in Microsoft
IE Blog.
Design criteria such as standard compliance, performance, reliability and security framed the design of IE8 as a whole, for new as well as existing features. As a result, CSS expressions are no longer supported in IE8 standards mode. This change was announced previously on the IE blog; however, this post will provide a few more details about that decision. The following FAQ will give a quick overview of the feature, the rationale behind our design decision and what it may mean for your own site.
http://blogs.msdn.com/ie/archive/2008/10/16/ending-expressions.aspx
by certifiedbug on October 8, 2008
in Browser
Opera 9.60 fixes two vulnerabilities.
Advisory 901:
Specially crafted addresses can execute arbitrary code
Severity: Extremely Severe
Problem Description
If a malicious page redirects Opera to a specially crafted address (URL), it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page.
Advisory 902:
Java applets can be used to read sensitive information
Severity: Highly Severe
Problem Description
Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally more restrictive actions. These files could contain sensitive information, which could then be sent to the attacker.
Download Opera 9.60 for Windows.
by certifiedbug on October 8, 2008
in Browser
by certifiedbug on September 27, 2008
in Browser
Fast on the heels of the 3.0.2 release, Mozilla has updated Firefox to version 3.0.3.
Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708)
Download
Release notes
by certifiedbug on September 24, 2008
in Browser
by certifiedbug on September 9, 2008
in Browser
CNET, Google fixes Chrome vulnerabilities–but won’t say which
The new version, 0.2.149.29, replaces the 0.2.149.27 that was released when Google launched the Chrome beta version last week. Google started releasing the update Friday, initially to a small number of users, but didn’t make much of an announcement about the change.
Google believes it’s best if Chrome applies security updates not only without a description of what’s changing, but also without an opportunity for users to decide whether to accept the patch.
by certifiedbug on September 3, 2008
in Browser
Shortly after the release of Google’s Chrome, researcher Aviv Raff discovered he could combine two vulnerabilities to trick users into launching executables directly from the new browser.
I really wonder why Google have taken several features from other browsers and mixed them all together. Security wise, it’s very problematic.
They’ll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time.
Raff’s proof-of-concept shows how a malicious hacker using a social engineering lure can drop malware on Windows desktops.
Aviv Raff On .NET
Contributing to the innovation of browsers through openness
“While we see this as a fundamental shift in the way people think about browsers, we realize that we couldn’t have created Google Chrome on our own,” said Linus Upson, Director of Engineering, Google Inc. “Google Chrome was built upon other open source projects that are making significant contributions to browser technology and have helped to spur competition and innovation.”
Google Press release