Ubuntu Security Notice 2702-1 – Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Monthly Archives: August 2015
Ubuntu Security Notice USN-2702-2
Ubuntu Security Notice 2702-2 – USN-2702-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox. Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Frost & Sullivan Recognizes WatchGuard’s APT Blocker with the 2015 New Product Innovation Award
CESA-2015:1586 Critical CentOS 7 firefox Security Update
CentOS Errata and Security Advisory 2015:1586 Critical
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1586.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
c6d196666b597fce65afed76f1d0c1d895bf65b65a560239c3e7af354a88c8c2 firefox-38.2.0-4.el7.centos.i686.rpm
7d5e310a87a424da2c81dedc06e5a39d2d1834c6c7cfa9b96f78cfadaac2ea81 firefox-38.2.0-4.el7.centos.x86_64.rpm
Source:
1a70d03d18dfbd9a508748910f41e8f15e79b2aee02a7a36dfde2be7076c901f firefox-38.2.0-4.el7.centos.src.rpm
Microsoft Patches Critical Vulnerabilities in New Edge Browser
Microsoft released a security bulletin for its new Edge browser, patching four critical vulnerabilities.
Oracle CSO: You ‘Must Not Reverse Engineer Our Code’
UPDATE–Oracle, never the most researcher-friendly software vendor, has taken its antagonism to another level after publishing a blog post by CSO Mary Ann Davidson that rails against reverse engineering and saying that the company has no need for researchers to look at Oracle’s code for vulnerabilities because “it’s our job to do that, we are […]
Huge Flash Update Patches More Than 30 Vulnerabilities
Adobe has released a massive update for Flash, the application that has become the Internet’s problem child. The update contains patches for more than 30 vulnerabilities in Flash on Windows, OS X, and Linux. Adobe pushed out the fixes on Tuesday afternoon, the latest in a long series of fixes for Flash in the last […]
Bugtraq: QNAP crypto keys logged on unencrypted disk partition in world accessible files
Bugtraq: [SECURITY] [DSA 3330-1] activemq security update
Bugtraq: [slackware-security] mozilla-firefox (SSA:2015-219-01)





