CVE-2015-2714 (firefox)

Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier.

CVE-2015-2715 (firefox)

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.

CVE-2015-2717 (firefox)

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.

CVE-2015-2720 (firefox)

The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file.

CVE-2015-2718 (firefox)

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data.

Windows 10: Use bug-free Android Apps with it!

When Satya Nadella became Microsoft’s CEO one year ago, he suggested that things were going to change and that mobility would be his main focus. Although the company has been trying for some time now (e.g. when it bought Nokia for over 7.000 million dollars), it has never been able to stand out in the smartphone world.

Their lack of success may be due in part to the uniqueness of their operating system. While Windows has always been the most popular on desktop computers and laptops, it hasn’t been able to win over smartphone users. Android and iOS have always been one step ahead.

If we look at the applications market, the difference increases: the first two platforms are very attractive to a great number of developers, who rarely or never remember Microsoft’s virtual store. However, Microsoft has changed its tactics and now works under the maxim “if you can’t beat them, join them”, adding “and improve their product as much as you can”.

During the recent BUILD 2015 conference, the company announced that applications for Android and iOS may be used on Windows 10, which will be launched this summer. The projects Islandwood (for Apple’s operating system) and Astoria (for Android) make this translation possible by providing the necessary means.

Developers will have at their disposal a “universal platform”. This tool includes a complete kit to port code written in Java for Android apps and in Apple’s language, Objective-C.

But Microsoft wants to go one step further: it is also committed to security. Not only will you be able to use applications that were previously available only on other phones, but the company also assures that they won’t fill up your device with malware.

Because while Google Play is full of tools of all kinds and origins, it is also full of viruses and vulnerabilities that threaten your data. We have explained in other posts the many malicious apps on the platform and the security holes in Apple’s operating system.

Microsoft knows Apple’s disadvantages well and doesn’t want them in Windows 10. That’s why, together with the two previously mentioned projects, it is offering the possibility of eliminating bugs from apps before they reach the Windows operating system.

With this same ‘universal’ tool, developers can analyze their apps for malware and then get rid of it. But the tests don’t end there: once the programs are ready, they will have to go through a review team that will give final approval before they are published in the store.

Within this group there are security experts who will analyze the tools again and exclude new arrivals that hide some kind of malicious software in their code.

It seems that Microsoft is stepping up in security matters, though we will have to wait some months to see whether its initiative stands out over the efforts of its competitors. If it fails to keep its promises, the Windows platform will become a den of bugs fed from several fronts.

The post Windows 10: Use bug-free Android Apps with it! appeared first on MediaCenter Panda Security.

CEBA-2015:1008 CentOS 6 java-1.7.0-openjdk BugFixUpdate

CentOS Errata and Bugfix Advisory 2015:1008 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1008.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


Get ready for Windows 10 with PC TuneUp Update

The update will include new functionality for those seeking to clean up, speed up and improve battery life of their Windows PCs and notebooks.

The new update (SU3) will automatically be installed on April 29th or will already be included if you download the AVG PC TuneUp (2015 release) trial from this page after that date. It sports the following enhancements:

 

Cleans up, speeds up and powers up Windows 10

AVG PC TuneUp already supports the upcoming Windows 10 operating system ahead of its planned summer 2015 release: All 39 features to reduce the typical slowdown caused by third party applications, solve bottlenecks, clean up and customize are Windows 10 ready.

Optimizing will be more important than ever before with Windows 10. Many new laptops and tablets come with smaller, but generally slower processors and smaller hard drives. That’s why AVG PC TuneUp helps to ensure all the new Windows 10 devices remain fast and have enough disk space for your programs and data.

 

Enhanced Cleaning for Steam, Downloads and more…

But that’s not all. This month, we’re unveiling a couple of nice new features and functionality for all you PC tweakers out there:

  • Better Steam cleanup: When a game is downloaded via Steam, it downloads files like DirectX, C++ redistributables and other files necessary for the game you launch. But once you launch it, those files remain. In this release, we’re now detecting even more of these wasteful files hidden in all Steam and game folders.
  • Support for the latest Google Chrome version to clean up browser cache files, history lists, auto-complete forms and more from the new Google Chrome builds.
  • Download folders: Our Disk Cleaner also now cleans up the user’s Downloads folder, which tends to contain a ton of downloaded apps, photos, documents and other things you may not need anymore – and have probably totally forgotten about.

 

Various Fixes Throughout the Product

We listened to your feedback: In addition to the new and enhanced features, we also fixed some minor bugs that some of you experienced when using AVG PC TuneUp, such as:

  • Random crashes with 1-Click Maintenance
  • A bug in which an HTML link could not be opened in Outlook

SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2)

Posted by SEC Consult Vulnerability Lab on May 14

SEC Consult Vulnerability Lab Security Advisory < 20150514-0 >
=======================================================================
title: Multiple vulnerabilities
product: Loxone Smart Home
vulnerable version: Firmware version <6.4.5.12
fixed version: 6.4.5.12
impact: Critical
homepage: http://www.loxone.com
found: 2015-03-12
by: Johannes Greil…