Consumer Security on the web, information to assist you in practicing safe computing
Release notes: http://www.mozilla.org/en-US/firefox/14.0.1/releasenotes/
If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.
Or download: https://www.mozilla.com/firefox/all.html
{ 0 comments }
Release notes: https://www.mozilla.org/en-US/firefox/13.0.1/releasenotes/
Flash 11.3 sometimes caused a crash on quit (747683*, fixed in 13.0.1
https://bugzilla.mozilla.org/show_bug.cgi?id=747683
Flash crashed after I updated Firefox to version 13.0.1.
http://www.zdnet.com/blog/btl/firefox-users-still-waiting-for-flash-crash-fix/80305
If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.
Or download: https://www.mozilla.com/firefox/all.html
{ 0 comments }
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Published: Tuesday, June 12, 2012
Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.
The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.
We are actively working with partners in our Microsoft Active Protections Program(MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.
Upon completion of our investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Please see the complete article:
http://technet.microsoft.com/en-us/security/advisory/2719615
A Microsoft Fix it solution is available that blocks the attack vector for this vulnerability. Microsoft encourages customers running an affected configuration to apply the Fix it solution as soon as possible.
http://support.microsoft.com/kb/2719615
https://www.zdnet.com/blog/security/state-sponsored-attackers-using-ie-zero-day-to-hijack-gmail-accounts/12462
{ 0 comments }
Fixed in Firefox 13
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards
https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox13
Release notes: https://www.mozilla.org/en-US/firefox/13.0/releasenotes/
Bug fixes: https://www.mozilla.org/en-US/firefox/13.0/releasenotes/buglist.html
If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.
Or download: https://www.mozilla.com/firefox/all.html
{ 0 comments }
This work by http://certifiedbug.com/blog/ is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License
Quoted material is © of original author
