Saturday, February 28, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which three categorized as critical, six as high, six as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 36
- Mozilla Firefox ESR earlier than 31.5
- Mozilla Thunderbird earlier than 31.5

Links to the security advisories with details about addressed security issues:
MSFA-2015-27 Caja Compiler JavaScript sandbox bypass
MSFA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
MSFA-2015-25 Local files or privileged URLs in pages can be opened into new tabs
MSFA-2015-24 Reading of local files through manipulation of form autocomplete
MSFA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
MSFA-2015-22 Crash using DrawTarget in Cairo graphics library
MSFA-2015-21 Buffer underflow during MP3 playback
MSFA-2015-20 Buffer overflow during CSS restyling
MSFA-2015-19 Out-of-bounds read and write while rendering SVG content
MSFA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR
MSFA-2015-17 Buffer overflow in libstagefright during MP4 video playback
MSFA-2015-16 Use-after-free in IndexedDB
MSFA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
MSFA-2015-14 Malicious WebGL content crash when writing strings
MSFA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
MSFA-2015-12 Invoking Mozilla updater will load locally stored DLL files
MSFA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:

Monday, February 23, 2015

Google Chrome Updated

Google have released version 40.0.2214.115 of their Chrome web browser.

More information about this in Google Chrome Releases blog.

Friday, February 20, 2015

PHP Versions 5.6.6, 5.5.22 and 5.4.38 Released

PHP development team has released 5.6.6, 5.5.22 and 5.4.38 versions of the PHP scripting language. New versions contain fixes to several bugs of which two are categorized as vulnerabilities. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs can be viewed here.

Monday, February 16, 2015

Symantec Intelligence Report: January 2015

Symantec have published their Intelligence report that sums up the latest threat trends for January 2015.

Report highlights:
- Finance, Insurance, & Real Estate overtook Manufacturing in the Top-Ten Industries targeted for the month of January.
- There were ten data breaches reported in January that took place during the same month. In comparison, there were 14 new data breaches reported during January that took place between February and December of 2014.
- Vulnerabilities are up during the month of January, with 494 disclosed and two zero-days discovered.

The report (in PDF format) can be viewed here.

Friday, February 13, 2015

Microsoft Security Updates For February 2015

Microsoft have released security updates for February 2015. This month update contains nine security bulletins of which three categorized as critical and six as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Saturday, February 7, 2015

Google Chrome Updated

Google have released version 40.0.2214.111 of their Chrome web browser. New version contains fixes to 11 security issues.

More information about these in Google Chrome Releases blog.

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player and earlier versions for Windows and Macintosh should update to Adobe Flash Player

- Users of Adobe Flash Player and earlier versions for Linux should update to Adobe Flash Player

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

More information can be read from Adobe's security bulletin.