Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a bunch of vulnerabilities of which seven categorized as critical, four as high and six as moderate.
Affected products are:
- Mozilla Firefox earlier than 25.0
- Mozilla Firefox ESR 24.x earlier than 24.1
- Mozilla Firefox ESR 17.x earlier than 17.0.10
- Mozilla Thunderbird earlier than 24.1
- Mozilla Thunderbird ESR 17.x earlier than 17.0.10
- Mozilla SeaMonkey earlier than 2.22
Links to the security advisories with details about addressed security issues:
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey
Wednesday, October 30, 2013
Monday, October 28, 2013
ITunes 11.1.2 Released
Apple have released version 11.1.2 of their iTunes media player. New version fixes a bunch of security vulnerabilities.
More information about the security content of iTunes 11.1.2 can be read from related security advisory.
Old version users should update to the latest one available.
More information about the security content of iTunes 11.1.2 can be read from related security advisory.
Old version users should update to the latest one available.
Wednesday, October 23, 2013
Symantec Intelligence Report: September 2013
Symantec have published their Intelligence report that sums up the latest threat trends for September 2013.
Report highlights:
- While no largely new target attack techniques have appeared so far in 2013, attackers continue to hone current techniques for maximum impact
- In particular, an attack group called Hidden Lynx is responsible for some of the more brazen attacks this year (as discussed in a Q&A session with one of Symantec Analysts)
- The average number of targeted attacks per day is down when compared to the same period in 2012, but up 13 percent overall when looking back at attack trends since 2011
The report (in PDF format) can be viewed here.
Report highlights:
- While no largely new target attack techniques have appeared so far in 2013, attackers continue to hone current techniques for maximum impact
- In particular, an attack group called Hidden Lynx is responsible for some of the more brazen attacks this year (as discussed in a Q&A session with one of Symantec Analysts)
- The average number of targeted attacks per day is down when compared to the same period in 2012, but up 13 percent overall when looking back at attack trends since 2011
The report (in PDF format) can be viewed here.
Thursday, October 17, 2013
Google Chrome Updated
Google have released version 30.0.1599.101 of their Chrome web browser. New version contains fixes to 5 vulnerabilities of which 3 categorized as high.
More information in Google Chrome Releases blog.
More information in Google Chrome Releases blog.
Oracle Critical Patch Update For Q4 of 2013
Oracle have released updates for their products that fix 127 security issues (including 51 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in January 2014.
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in January 2014.
Wednesday, October 16, 2013
Look Out For Nasty CryptoLocker
SophosLabs warns in their blog about a really nasty malware named as CryptoLocker. CryptoLocker encrypts files of specified file types on infected system and then asks user to pay a ransom in order to get files decrypted. Details about the infection and how to protect against it can be read from the SophosLabs blog post.
Bleeping Computer has an information guide and FAQ about CryptoLocker too. It can be viewed here.
Bleeping Computer has an information guide and FAQ about CryptoLocker too. It can be viewed here.
Thursday, October 10, 2013
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix a vulnerability in their PDF products, Adobe Reader and Adobe Acrobat.
Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.04
Adobe Acrobat 11.0.04
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard, Pro and Extended
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.04
Adobe Acrobat 11.0.04
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard, Pro and Extended
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Labels:
adobe,
pdf reader,
security,
update,
vulnerability
Wednesday, October 9, 2013
Microsoft Security Updates For October 2013
Microsoft have released security updates for October 2013. This month update contains eight security bulletins of which four critical and four important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Monday, October 7, 2013
ESET Global Threat Report for September 2013
ESET have published a report discussing global threats of September 2013.
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (2.)
2. INF/Autorun (5.)
3. Win32/Sality (4.)
4. HTML/Iframe (1.)
5. HTML/ScrInject (3.)
6. Win32/Dorkbot (7.)
7. Win32/Conficker (6.)
8. Win32/Ramnit (8.)
9. Win32/Qhost (9.)
10. Win32/Virut (10.)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (2.)
2. INF/Autorun (5.)
3. Win32/Sality (4.)
4. HTML/Iframe (1.)
5. HTML/ScrInject (3.)
6. Win32/Dorkbot (7.)
7. Win32/Conficker (6.)
8. Win32/Ramnit (8.)
9. Win32/Qhost (9.)
10. Win32/Virut (10.)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
Thursday, October 3, 2013
Google Chrome Updated
Google have released version 30.0.1599.66 of their Chrome web browser. New version contains fixes to 50 vulnerabilities of which 10 categorized as high.
More information in Google Chrome Releases blog.
More information in Google Chrome Releases blog.
Subscribe to:
Posts (Atom)