Red Hat Security Advisory 2015-0265-01 – Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.
Monthly Archives: February 2015
Samba Remote Code Execution Vulnerability
Original release date: February 24, 2015
Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected. Patches are currently available from Debian, Red Hat, Suse, and Ubuntu. A Samba patch is available for experienced users and administrators to implement.
This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Original release date: February 24, 2015
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information or execute arbitrary code on an affected system.
Updates available include:
- Firefox 36
- Firefox ESR 31.5
- Thunderbird 31.5
Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
CVE-2014-4818
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors.
CVE-2014-6115
IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL.
CVE-2014-9282
Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename.
Google Pwnium Program Now Open All Year
Google is expanding its successful Pwnium vulnerability reward program–which has run at various security conferences for a couple of years now–to run continuously and offer an unlimited pool of financial rewards. Pwnium originally was established as an alternative to the Pwn2Own hacking contest at CanSecWest every spring. The Pwn2Own contest has been the origin of […]
Fedora EPEL 7 Security Update: qpid-cpp-0.30-11.el7
Resolved Bugs
1181721 – CVE-2015-0203 qpid-cpp: qpidd can be crashed by unauthenticated user
1186308 – CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented
1184488 – build failure in qpid-cpp-0.30/src/tests/txshift.cpp<br
Fixed path to qpid-ha in the systemd service descriptor.
Resolves: BZ#1186308
Apply patch 10.
Resolves: BZ#1184488
Resolves: BZ#1181721
Enabled building the linear store.
Are you as smart as your smartphone?
How do I find my apps on this thing?
Not too many years ago we had phones that only made calls. Smartphones are the newest generation of phones that bring a lot of possibilities right to our fingers through the apps specifically designed for them. We all got used to the Windows (or Mac) world, but now we are witnessing a revolution from “standard” programs and some specialized tools to a world where every common thing can be done by our smartphones. Sometimes it seems, that the device is smarter than we are!
But can it protect itself from the increasing number of threats?
You’ll find a lot of articles on the Internet which state that security companies exaggerate the need for mobile security and antivirus protection. You’ll read that Google Play and the new security technologies of Android Lollipop are the only things necessary for security. I could post many examples of such (bad) tips, but I don’t want to waste your time or mine.
Do you use only Google Play as your app source?
A common (and wise) security tip is to stick with Google Play for downloading apps. This is good advice despite the fact that we see here in the Avast blog that Google Play fails to detect some apps as malware. Look for our mobile malware senior virus analyst Filip Chytry’s articles. He continuously discovers holes in Google Play security.
However, what if you want apps that have been banned from Google Play? No, I’m not talking about (just) adult apps. Google banned anti-ad apps, for instance. So where is a safe place to get them? The answer is simple: outside of Google Play. The Amazon Appstore for Android is quickly increasing the possibilities.
Do you think that clean apps can’t become bad ones?
Clean apps can become bad ones, and with the new Google Play permission scheme, you may not even notice. This makes updating your apps (another very common and wise hint) an additional complication.
As the apps we love can turn against us, the best tip of all is that you install a mobile security app that helps you know what it being added to your phone. Avast Mobile Security updates its virus database very often to detect the latest threats and allows you to install securely all the apps you love.
This makes you smarter than your smartphone! 
Cloudflare Deploys New Form of Encryption Across Sites
Cloudflare has deployed a new level of encryption on its service that hardens and speeds up users’ experience, especially when accessing domains via mobile browsers.