MAAS History
Archives
Tuesday
Jun 23, 2009

Thunderbird 2.0.0.22

Issues have been fixed in Thunderbird, including arbitrary code execution, SSL tampering, memory corruption and same-origin violations when Flash loads. Some of these issues also affected Firefox and were fixed in version 3.0.11. If you or your organization uses Thunderbird as your mail application, install update 2.0.0.22.

http://www.mozillamessaging.com/en-US/thunderbird/2.0.0.22/releasenotes/

Thursday
Jun 18, 2009

iPhone OS 3.0

Apple has released the latest iPhone OS to address many vulnerabilities that can allow an attacker to cause a DoS, compromise integrity, compromise confidentiality, conduct cross-site scripting attacks and execute arbitrary code. iPhone users should apply the patch immediately.

Thursday
Jun 11, 2009

Firefox 3.0.11 Update

Various fixes are in Firefox 3.0.11, including the following:

  • MFSA 2009-32 JavaScript chrome privilege escalation
  • MFSA 2009-31 XUL scripts bypass content-policy checks
  • MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar
  • MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
  • MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object
  • MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
  • MFSA 2009-26 Arbitrary domain cookie access by local file: resources
  • MFSA 2009-25 URL spoofing with invalid unicode characters
  • MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

Wednesday
Jun 10, 2009

Microsoft Word, Excel and Office Helper Application Patches

Ten vulnerabilities in components or helper applications that ship with Microsoft Office have been patched. All of them have similar attack methods: a user must download and open a file that contains maliciously crafted code. This allows the attacker to gain that user's authentication and authorization privileges. The exploit can be found in various Office document types, including .doc, .xls and .wps/.wks. Users of Office should apply these patches via Microsoft's automatic update application.

Tuesday
Jun 9, 2009

APSB09-07 - Security Updates available for Adobe Reader and Acrobat

Run the Adobe Updater for Acrobat 9.1.1 and Reader 9.1.1

<<From the Security Bulletin>>

Critical vulnerabilities have been identified in Adobe Reader
9.1.1 and Acrobat 9.1.1 and earlier versions. These
vulnerabilities would cause the application to crash and could
potentially allow an attacker to take control of the affected
system.

Adobe recommends users of Adobe Reader 9 and Acrobat 9 and
earlier versions update to Adobe Reader 9.1.2 and Acrobat 9.1.2.
Adobe recommends users of Acrobat 8 update to Acrobat 8.1.6, and
users of Acrobat 7 update to Acrobat 7.1.3. For Adobe Reader
users who can't update to Adobe Reader 9.1.2, Adobe has provided
the Adobe Reader 8.1.6 and Adobe Reader 7.1.3 updates. Updates
apply to Windows and Macintosh. Security updates for Adobe
Reader on the UNIX platform will be available on June 16, 2009;
the Bulletin will be updated to reflect their availability on
that date.

This update incorporates the initial output of code hardening
efforts discussed in a May 20 Adobe ASSET (Adobe Secure Software
Engineering Team) blog post, as well as externally reported
issues.