Thursday, July 19, 2012

Mozilla Security Updates Available

Mozilla have released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address 15 vulnerabilities, of which five are categorized as critical, four as high and six as moderate.

Affected products are:
- Mozilla Firefox earlier than 14
- Mozilla Firefox ESR earlier than 10.0.6
- Mozilla Thunderbird earlier than 14
- Mozilla Thunderbird ESR earlier than 10.0.6
- Mozilla SeaMonkey earlier than 2.11

Links to the security advisories with details about addressed security issues:
MFSA 2012-56 Code execution through javascript: URLs
MFSA 2012-55 feed: URLs with an innerURI inherit security context of page
MFSA 2012-54 Clickjacking of certificate warning page
MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-46 XSS through data: URLs
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Wednesday, July 18, 2012

Oracle Critical Patch Update For Q3 of 2012

Oracle has released updates for their products that fix 87 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in October 2012.

Friday, July 13, 2012

Chrome Update Available

Google have released a new version of their Chrome web browser. Version 20.0.1132.57 contains fixes for three vulnerabilities categorized as high (CVE-2012-2842, CVE-2012-2843, CVE-2012-2844).

More information is available in the Google Chrome Releases blog.

New Version Of VLC Player Available

The VideoLAN project has released a new version of their VLC media player. Version 2.0.2 contains fixes for a large number of bugs, including a buffer overflow vulnerability in the OGG demuxer. By exploiting the vulnerability, an attacker may be able to execute arbitrary code on an affected system.

VLC Player versions prior to 2.0.2 are affected. Users of those versions should update to the latest version.

ESET Global Threat Report for June 2012

ESET has released a report discussing global threats of June 2012.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Conficker (4.)
3. HTML/ScrInject.B (3.)
4. HTML/Iframe.B (2.)
5. JS/Iframe.AS (5.)
6. Win32/Sirefef (6.)
7. JS/TrojanDownloader.Iframe.NKE (9.)
8. Win32/Sality (8.)
9. Win32/Dorkbot (7.)
10. Win32/Ramnit (10.)

The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Wednesday, July 11, 2012

Microsoft Security Updates For July 2012

Microsoft has released security updates for July 2012. This month's update contains nine security bulletins, of which three are critical (MS12-043, MS12-044, MS12-045) and six are important (MS12-046, MS12-047, MS12-048, MS12-049, MS12-050, MS12-051).

An updated version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Symantec Intelligence Report: June 2012

Symantec has published their Intelligence report that sums up the latest threat trends for June 2012.

Report highlights:
- Spam – 66.8 percent (a decrease of 1.0 percentage points since May)
- Phishing – One in 467.6 emails identified as phishing (an increase of 0.04 percentage points since May)
- Malware – One in 316.5 emails contained malware (an increase of 0.04 percentage points since May)
- Malicious Web sites – 2,106 Web sites blocked per day (a decrease of 51.7 percent since May)
- What we know about W32.Flamer that we didn’t last month
- A look at targeted attacks for the first six months of 2012
- In-depth look at a recently attempted targeted attack

The report can be viewed here.

Tuesday, July 3, 2012

WordPress 3.4.1 Released

A new version of WordPress has been released. It contains fixes for security vulnerabilities and also some security hardening. More information can be read from the WordPress blog.

RealPlayer Update

RealNetworks has released an updated version of their RealPlayer. The new version contains a fix for one security vulnerability (CVE-2012-3235).

Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from the related security advisory.