Saturday, July 31, 2010
Akamai Download Manager : Akamai Download Manager - Arbitrary File Download & Execution vulnerability
Users of Akamai Download Manager please be advised of an Akamai Download Manager - Arbitrary File Download & Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Akamai Download Manager-SA-07/30/2010: Akamai Download Manager - Arbitrary File Download & Execution
Akamai Download Manager
Akamai's Download Manager allows attackers to download arbitrary
files onto a user's desktop. Using a so-called "blended
threat" attack it is possible to execute arbitrary code. This
attack affects the ActiveX control as well as the Java applet.
Read more at www.criticalwatch.com
Red Hat Security : RHSA-2010:0576-01 - Low: Red Hat Enterprise Linux 3 - 3-Month End Of Life Notice vulnerability
Users of Red Hat Security please be advised of a RHSA-2010:0576-01 - Low: Red Hat Enterprise Linux 3 - 3-Month End Of Life Notice vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0576-01: RHSA-2010:0576-01 - Low: Red Hat Enterprise Linux 3 - 3-Month End Of Life Notice
Red Hat Security
Description:
In accordance with the Red Hat Enterprise Linux Errata Support Policy, the
regular 7 year life-cycle of Red Hat Enterprise Linux 3 will end on October
31, 2010.
Read more at www.criticalwatch.com
MozillaFirefox : Mozilla Firefox - Various Security Issues vulnerability
Users of
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
SUSE-SA:2010:032: SUSE-SA:2010:032 - Mozilla Firefox - Various Security Issues
MozillaFirefox
Problem Description and Brief Discussion
Various security issues have been found in the Mozilla suite, and
the various browsers have been updated to fix these issues.
Read more at www.criticalwatch.com
Debian Security : New openldap packages fix potential code execution vulnerability
Users of Debian Security please be advised of a New openldap packages fix potential code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
DSA 2077-1: DSA 2077-1 - New openldap packages fix potential code execution
Debian Security
Two remote vulnerabilities have been discovered in OpenLDAP. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does
not check the return value of a call to the smr_normalize
function, which allows remote attackers to cause a denial of
service (segmentation fault) and possibly execute arbitrary code
via a modrdn call with an RDN string containing invalid UTF-8
sequences.
Read more at www.criticalwatch.com
SECURITY BULLETIN : HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver - Remote Execution of Arbitrary
Users of SECURITY BULLETIN please be advised of a HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver - Remote Execution of Arbitrary Code vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HPSBUX02556 SSRT100014 rev.2: HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver - Remote Execution of Arbitrary Code
SECURITY BULLETIN
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Read more at www.criticalwatch.com
Insomnia Security : EasyManage CMS - Multiple SQL injection Vulnerabilities
Users of Insomnia Security please be advised of an EasyManage CMS - Multiple SQL injection Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ISVA-100730.1: ISVA-100730.1 - EasyManage CMS - Multiple SQL injection Vulnerabilities
Insomnia Security
Description
_______________
EasyManage Content Management System is a modular system designed
by New Zealand company, Face Limited.
It contains two modules which may be easily exploited to carry out
SQL injection attacks.
Read more at www.criticalwatch.com
Red Hat Security : Critical: java-1.4.2-ibm security update vulnerability
Users of Red Hat Security please be advised of a Critical: java-1.4.2-ibm security update vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0574-01: RHSA-2010:0574-01 - Critical: java-1.4.2-ibm security update
Red Hat Security
Description:
The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.
Read more at www.criticalwatch.com
SECURITY BULLETIN : HP Insight Control Power Management for Windows - Local Unauthorized Read Access to Data
Users of SECURITY BULLETIN please be advised of a HP Insight Control Power Management for Windows - Local Unauthorized Read Access to Data vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HPSBMA02549 SSRT090158 rev.2: HP Insight Control Power Management for Windows - Local Unauthorized Read Access to Data
SECURITY BULLETIN
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Read more at www.criticalwatch.com
Jira - Multiple : Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities
Users of Jira - Multiple please be advised of a Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Jira Enterprise-SA-07/28/2010: Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities
Jira - Multiple Low Risk Vulnerabilities
Jira is prone to Cross Site Script Redirection (XSSR) also known as
Cross Site Redirection (CSR), Non-Persistent Script Injection and
Low Risk Information Disclosure.
Read more at www.criticalwatch.com
Mandriva Linux Security : openldap - Multiple vulnerabilities
Users of Mandriva Linux Security please be advised of an openldap - Multiple vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MDVSA-2010:142: MDVSA-2010:142 - openldap - Multiple vulnerabilities
Mandriva Linux Security
Problem Description:
Multiple vulnerabilities have been discovered and corrected in openldap:
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not
check the return value of a call to the smr_normalize function, which
allows remote attackers to cause a denial of service (segmentation
fault) and possibly execute arbitrary code via a modrdn call with an
RDN string containing invalid UTF-8 sequences, which triggers a free
of an invalid, uninitialized pointer in the slap_mods_free function, as
demonstrated using the Codenomicon LDAPv3 test suite (CVE-2010-0211).
Read more at www.criticalwatch.com
Cetera eCommerce : Vulnerabilities in Cetera eCommerce
Users of Cetera eCommerce please be advised of a Vulnerabilities in Cetera eCommerce that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Cetera eCommerce-SA-07/28/2010: Vulnerabilities in Cetera eCommerce
Vulnerabilities in Cetera eCommerce
Details:
These are Insufficient Anti-automation and Cross-Site Scripting
vulnerabilities.
Read more at www.criticalwatch.com
Cetera eCommerce : Cetera eCommerce - XSS, SQL Injection, and SQL DB Extraction Vulnerabilities
Users of Cetera eCommerce please be advised of a Cetera eCommerce - XSS, SQL Injection, and SQL DB Extraction Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Cetera eCommerce-SA-07/28/2010-2: Cetera eCommerce - XSS, SQL Injection, and SQL DB Extraction Vulnerabilities
New vulnerabilities in Cetera eCommerce
Details:
These are Cross-Site Scripting, SQL Injection and SQL DB Structure
Extraction vulnerabilities.
Read more at www.criticalwatch.com
Red Hat Enterprise Linux : Moderate: lvm2-cluster security update vulnerability
Users of Red Hat Enterprise Linux please be advised of a Moderate: lvm2-cluster security update vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0567-01: RHSA-2010:0567-01 - Moderate: lvm2-cluster security update
Red Hat Enterprise Linux
Description:
The lvm2-cluster package contains support for Logical Volume Management
(LVM) in a clustered environment.
Read more at www.criticalwatch.com
Thursday, July 29, 2010
Secunia Research : Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow vulnerability
Users of Secunia Research please be advised of an Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
KeyView-SA-07/28/2010-2: Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow
Secunia Research
3) Vendor's Description of Software
"KeyView IDOL Viewing SDK allows you to build applications with
high-fidelity viewing and printing capabilities for the word
processing, spreadsheet, presentation, graphic, multimedia,
Read more at www.criticalwatch.com
Secunia Research : Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error vulnerability
Users of Secunia Research please be advised of an Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
KeyView-SA-07/28/2010-3: Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error
Secunia Research
3) Vendor's Description of Software
"KeyView IDOL Viewing SDK allows you to build applications with
high-fidelity viewing and printing capabilities for the word
processing, spreadsheet, presentation, graphic, multimedia,
Read more at www.criticalwatch.com
Secunia Research : Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow vulnerability
Users of Secunia Research please be advised of an Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
KeyView-SA-07/28/2010-4: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow
Secunia Research
3) Vendor's Description of Software
"KeyView IDOL Viewing SDK allows you to build applications with
high-fidelity viewing and printing capabilities for the word
processing, spreadsheet, presentation, graphic, multimedia,
Read more at www.criticalwatch.com
Secunia Research : Autonomy KeyView wkssr.dll Integer Underflow Vulnerability
Users of Secunia Research please be advised of an Autonomy KeyView wkssr.dll Integer Underflow Vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
KeyView-SA-07/28/2010-5: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability
Secunia Research
3) Vendor's Description of Software
"KeyView IDOL Viewing SDK allows you to build applications with
high-fidelity viewing and printing capabilities for the word
processing, spreadsheet, presentation, graphic, multimedia,
compression and encoding formats that contain the information your
end-users need to access.".
Read more at www.criticalwatch.com
Debian Security : New xulrunner packages fix several vulnerabilities
Users of Debian Security please be advised of a New xulrunner packages fix several vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
DSA 2075-1: DSA 2075-1 New xulrunner packages fix several vulnerabilities
Debian Security
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications.
Read more at www.criticalwatch.com
Debian Security : New gnupg2 packages fix potential code execution vulnerability
Users of Debian Security please be advised of a New gnupg2 packages fix potential code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
DSA 2076-1: DSA 2076-1 New gnupg2 packages fix potential code execution
Debian Security
It was discovered that GnuPG 2 uses a freed pointer when verifying a
signature or importing a certificate with many Subject Alternate Names,
potentially leading to arbitrary code execution.
Read more at www.criticalwatch.com
PHPKIT WCMS : Multiple stored Cross Site Scripting Issues vulnerability
Users of PHPKIT WCMS please be advised of a Multiple stored Cross Site Scripting Issues vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MajorSecurity SA-079: MajorSecurity SA-079 - PHPKIT WCMS - Multiple stored Cross Site Scripting Issues
PHPKIT WCMS
Description
=============
"PHPKIT WCMS is a Content Management System."
More Details
=============
We at MajorSecurity have discovered some vulnerabilities in PHPKIT WCMS 1.6.5, which can be exploited by malicious people to conduct persistent cross-site scripting attacks.
Read more at www.criticalwatch.com
Wednesday, July 28, 2010
Mandriva Linux Security Advisory : MDVSA-2010:139 - php vulnerability
Users of Mandriva Linux Security Advisory please be advised of a MDVSA-2010:139 - php vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MDVSA-2010:139: MDVSA-2010:139 - php
Mandriva Linux Security Advisory
Problem Description:
This is a maintenance and security update that upgrades php to 5.2.14
for CS4/MES5/2008.0/2009.0/2009.1.
Read more at www.criticalwatch.com
Mandriva Linux Security : MDVSA-2010:140 - php vulnerability
Users of Mandriva Linux Security please be advised of a MDVSA-2010:140 - php vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MDVSA-2010:140: MDVSA-2010:140 - php
Mandriva Linux Security
Problem Description:
This is a maintenance and security update that upgrades php to 5.3.3
for 2010.0/2010.1.
Read more at www.criticalwatch.com
Red Hat Enterprise Linux : Moderate: w3m security update vulnerability
Users of
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0565-01: RHSA-2010:0565-01 Moderate: w3m security update
Red Hat Enterprise Linux
3. Description:
The w3m program is a pager (or text file viewer) that can also be used as a
text mode web browser.
Read more at www.criticalwatch.com
Mac OS X : WebDAV kernel extension local denial-of-service vulnerability
Users of Mac OS X please be advised of a WebDAV kernel extension local denial-of-service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Mac-SA-07/26/2010: Mac OS X WebDAV kernel extension local denial-of-service
Mac OS X WebDAV kernel extension local denial-of-service
==Description==
"Web-based Distributed Authoring and Versioning, or WebDAV, is a set
of extensions to the Hypertext Transfer Protocol that allows computer
users to edit and manage files collaboratively on remote World Wide
Web servers.
Read more at www.criticalwatch.com
Symantec Antivirus : Symantec AMS Intel Alert Handler service Design Flaw vulnerability
Users of Symantec Antivirus please be advised of a Symantec AMS Intel Alert Handler service Design Flaw vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
foofus-20100725: foofus-20100725 - Symantec AMS Intel Alert Handler service Design Flaw
Symantec Antivirus Corporate Edition AMS Intel Alert Handler
2. Description:
The Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response
capabilities to AMS2. A design error in Symantec's implementation of this function
allows an attacker who can establish a TCP connection to port 38292 on a vulnerable
host to execute commands at system level on that host.
Read more at www.criticalwatch.com
SyndeoCMS : XSS vulnerability in SyndeoCMS vulnerability
Users of SyndeoCMS please be advised of an XSS vulnerability in SyndeoCMS vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22493: XSS vulnerability in SyndeoCMS
SyndeoCMS
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
Media Player Classic : Heap Overflow/DoS Vulnerability in Media Player Classic
Users of Media Player Classic please be advised of a Heap Overflow/DoS Vulnerability in Media Player Classic that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MPC-SA-07/26/2010: Heap Overflow/DoS Vulnerability in Media Player Classic
Media Player Classic
ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
kernel32!RaiseException+0x52:
Read more at www.criticalwatch.com
Likewise Security Advisory :
Users of Likewise Security Advisory please be advised of a LWSA-2010-001 Likewise Open 5.4 & 6.0 vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
LWSA-2010-001: LWSA-2010-001 Likewise Open 5.4 & 6.0
Likewise Security Advisory
Summary:
A logic flaw has been found in the pam_lsass library that,
when run under the context of a root service (e.g. sshd,
gdm, etc.), will allow any user to logon as a lsassd
local-provider account (e.g. MACHINE\Administrator) if
the account's password is marked as expired. The cause
is that the pam_lsass library uses SetPassword logic when
detecting that the uid is 0 therefore not requiring
that the intruder validate against the expired password
before being allowed to specify a new password.
Read more at www.criticalwatch.com
Ubuntu Security : Firefox and Xulrunner vulnerability
Users of Ubuntu Security please be advised of a Firefox and Xulrunner vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-957-2: USN-957-2 Firefox and Xulrunner vulnerability
Ubuntu Security Notice USN-957-2
Details follow:
USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert
discovered that the fix for CVE-2010-1214 introduced a regression which did
not properly initialize a plugin pointer. If a user were tricked into
viewing a malicious site, a remote attacker could use this to crash the
browser or run arbitrary code as the user invoking the program.
Read more at www.criticalwatch.com
Ubuntu Security : Thunderbird vulnerabilities
Users of Ubuntu Security please be advised of a Thunderbird vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-958-1: USN-958-1 Thunderbird vulnerabilities
Ubuntu Security Notice USN-958-1
Details follow:
Several flaws were discovered in the browser engine of Thunderbird. If a
user were tricked into viewing malicious content, a remote attacker could
use this to crash Thunderbird or possibly run arbitrary code as the user
invoking the program.
Read more at www.criticalwatch.com
Ubuntu Security : Firefox and Xulrunner vulnerability
Users of Ubuntu Security please be advised of a Firefox and Xulrunner vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-930-6: USN-930-6 Firefox and Xulrunner vulnerability
Ubuntu Security Notice USN-930-6
Details follow:
USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert
discovered that the fix for CVE-2010-1214 introduced a regression which did
not properly initialize a plugin pointer. If a user were tricked into
viewing a malicious site, a remote attacker could use this to crash the
browser or run arbitrary code as the user invoking the program.
Read more at www.criticalwatch.com
Ubuntu Security : Likewise Open vulnerability
Users of Ubuntu Security please be advised of a Likewise Open vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-964-1: USN-964-1 Likewise Open vulnerability
Ubuntu Security Notice USN-964-1
Details follow:
Matt Weatherford discovered that Likewise Open did not correctly check
password expiration for the local-provider account. A local attacker could
exploit this to log into a system they would otherwise not have access to.
Read more at www.criticalwatch.com
Cross-Site Scripting and SQL Injection : Cross-Site Scripting and SQL Injection
Users of Cross-Site Scripting and SQL Injection please be advised of a Cross-Site Scripting and SQL Injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MC-SA-07/25/2010: Multiple vulnerabilities in MC Content Manager
Cross-Site Scripting and SQL Injection
vulnerabilities
it's
Ukrainian special service similar to CIA and MI6 (SIS).
From 8 vulnerabilities in CMS which I found at 08.01.2007, 23.09.2007,
30.09.2007 and 10.04.2009 (5 XSS and 3 SQLi), only 4 holes were disclosed by
me (other 4 were privately reported in September 2007 and will not be
disclosed).
Read more at www.criticalwatch.com
DM Filemanager : Remote Arbitrary File Upload Exploit vulnerability
Users of DM Filemanager please be advised of a Remote Arbitrary File Upload Exploit vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
fckeditor-SA-07/24/2010: DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit
DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit
details..: works with an Apache server with the mod_mime module installed (if specific)
Read more at www.criticalwatch.com
firefox : firefox security update vulnerability
Users of firefox please be advised of a firefox security update vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0556-01: RHSA-2010:0556-01 Critical: firefox security update
firefox security update
Description:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
An invalid free flaw was found in Firefox's plugin handler. Malicious web
content could result in an invalid memory pointer being freed, causing
Firefox to crash or, potentially, execute arbitrary code with the
privileges of the user running the Firefox application. (CVE-2010-2755)
All Firefox users should upgrade to these updated packages, which contain a
backported patch that corrects this issue. After installing the update,
Firefox must be restarted for the changes to take effect.
Read more at www.criticalwatch.com
seamonkey : seamonkey security update vulnerability
Users of seamonkey please be advised of a seamonkey security update vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0557-01: RHSA-2010:0557-01 Critical: seamonkey security update
seamonkey security update
Description:
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.
An invalid free flaw was found in SeaMonkey's plugin handler. Malicious web
content could result in an invalid memory pointer being freed, causing
SeaMonkey to crash or, potentially, execute arbitrary code with the
privileges of the user running SeaMonkey. (CVE-2010-2755)
All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.
Read more at www.criticalwatch.com
firefox : firefox security update vulnerability
Users of firefox please be advised of a firefox security update vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0558-01: RHSA-2010:0558-01 Critical: firefox security update
firefox security update
3. Description:
Mozilla Firefox is an open source web browser.
An invalid free flaw was found in Firefox's plugin handler. Malicious web
content could result in an invalid memory pointer being freed, causing
Firefox to crash or, potentially, execute arbitrary code with the
privileges of the user running Firefox. (CVE-2010-2755)
All Firefox users should upgrade to these updated packages, which contain a
backported patch that corrects this issue. After installing the update,
Firefox must be restarted for the changes to take effect.
Read more at www.criticalwatch.com
mozilla-firefox : New mozilla-firefox packages vulnerability
Users of mozilla-firefox please be advised of a New mozilla-firefox packages vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
SSA:2010-204-01: SSA:2010-204-01 mozilla-firefox
New mozilla-firefox packages
Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.8-i686-1.txz: Upgraded.
This fixes a regression in Firefox 3.6.7.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)
Read more at www.criticalwatch.com
Sunday, July 25, 2010
Ubuntu Security Notice : Firefox and Xulrunner vulnerabilities
Users of Ubuntu Security Notice please be advised of a Firefox and Xulrunner vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-957-1: USN-957-1 Firefox and Xulrunner vulnerabilities
Ubuntu Security Notice
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
firefox-3.0 3.6.7+build2+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9.2 1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2
Ubuntu 10.04 LTS:
abrowser 3.6.7+build2+nobinonly-0ubuntu0.10.04.1
firefox 3.6.7+build2+nobinonly-0ubuntu0.10.04.1
xulrunner-1.9.2 1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
Read more at www.criticalwatch.com