by certifiedbug on April 25, 2012
in Microsoft
Microsoft Security Blog
Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape. This volume of the SIR includes:
- Latest industry vulnerability disclosure trends and analysis
- Latest data and analysis of global vulnerability exploit activity
- Latest trends and analysis on global malware and potentially unwanted software
- Latest analysis of threat trends in more than 100 countries/regions around the world
- Latest data and insights on how attackers are using spam and other email threats
- Latest global and regional data on malicious websites including phishing sites, malware hosting sites and drive-by download sites
In addition, we have included a section in the report focused on how the threat called Conficker continues to propagate.
http://blogs.technet.com/b/security/archive/2012/04/25/microsoft-security-intelligence-report-volume-12.aspx
by certifiedbug on April 25, 2012
in Browser
Fixed in Firefox version 12.
MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
MFSA 2012-27 Page load short-circuit can lead to XSS
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
MFSA 2012-24 Potential XSS via multibyte content processing errors
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
MFSA 2012-22 use-after-free in IDBKeyRange
MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.
https://www.mozilla.org/firefox/12.0/releasenotes/
Download: https://www.mozilla.org/en-US/firefox/all.html
http://www.mozilla.org/en-US/firefox/11.0/releasenotes/
https://www.mozilla.org/en-US/thunderbird/11.0/releasenotes/
Every six weeks, another Firefox train leaves the station. This week we will release another update, but not on Tuesday as we typically do. There are two reasons for this:
- This Tuesday is Microsoft’s scheduled monthly update to Windows, and those updates have interacted badly with our updates before. We don’t have reason to expect specific problems with this month’s updates, but we’d rather take a day or two to understand the impact before we update all of our users.
- We’re also waiting for a report from ZDI about a security vulnerability that may affect this new version of Firefox. We expect to receive the report by end of day Monday. Once we can evaluate the vulnerability, we’ll know whether we need to include a fix in Firefox before the update is released.
UPDATE: The security bug reported by ZDI is one we had already identified and fixed through our internal processes. This eliminates the need for us to delay this week’s releases, and we will be shipping them later today. However, in order to understand the impacts of Microsoft’s “Patch Tuesday” fixes, we will initially release Firefox for manual updates only. Once those impacts are understood, we’ll push automatic updates out to all of our users.
If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.
Download Firefox http://www.mozilla.org/en-US/firefox/all.html
Download Thunderbird https://www.mozilla.org/en-US/thunderbird/all.html