MAAS History
Archives

Entries by drStrangeP0rk (171)

Thursday, Jun 11, 2009

Firefox 3.0.11 Update

Firefox 3.0.11 includes various fixes, including the following:

 

  • MFSA 2009-32 JavaScript chrome privilege escalation
  • MFSA 2009-31 XUL scripts bypass content-policy checks
  • MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar
  • MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
  • MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object
  • MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
  • MFSA 2009-26 Arbitrary domain cookie access by local file: resources
  • MFSA 2009-25 URL spoofing with invalid unicode characters
  • MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

 

Wednesday, Jun 10, 2009

Microsoft Word, Excel and Office Helper Application Patches

Ten vulnerabilities in components or helper applications that ship with Microsoft Office have been patched. All of them have similar attack methods: a user must download and open a file containing maliciously crafted code on their computer. This allows the attacker to gain that user's authentication and authorization privileges. The exploit can be found in various Office document types, including .doc, .xls and .wps/.wks. Users of Office should apply these patches via Microsoft's automatic update application.

Tuesday, Jun 9, 2009

APSB09-07 - Security Updates available for Adobe Reader and Acrobat

Run the Adobe Updater for Acrobat 9.1.1 and Reader 9.1.1

<<From the Security Bulletin>>

Critical vulnerabilities have been identified in Adobe Reader
9.1.1 and Acrobat 9.1.1 and earlier versions. These
vulnerabilities would cause the application to crash and could
potentially allow an attacker to take control of the affected
system.

Adobe recommends users of Adobe Reader 9 and Acrobat 9 and
earlier versions update to Adobe Reader 9.1.2 and Acrobat 9.1.2.
Adobe recommends users of Acrobat 8 update to Acrobat 8.1.6, and
users of Acrobat 7 update to Acrobat 7.1.3. For Adobe Reader
users who can't update to Adobe Reader 9.1.2, Adobe has provided
the Adobe Reader 8.1.6 and Adobe Reader 7.1.3 updates. Updates
apply to Windows and Macintosh. Security updates for Adobe
Reader on the UNIX platform will be available on June 16, 2009;
the Bulletin will be updated to reflect their availability on
that date.

This update incorporates the initial output of code hardening
efforts discussed in a May 20 Adobe ASSET (Adobe Secure Software
Engineering Team) blog post, as well as externally reported
issues.

Monday, Jun 8, 2009

Safari 4.0 Update

Safari 4.0 addresses issues in CFNetwork, libxml, Private Browsing session ghosting, WebKit, and passwords remaining in memory on application exit. In addition to some new features, over fifty security issues have been addressed and fixed.

Tuesday, Jun 2, 2009

QuickTime 7.6.2 Update

Apple is also including a QuickTime update that addresses several vectors that can be exploited through maliciously crafted images, videos or music. In the worst case, an attacker can gain complete control by exploiting a privileged user.