Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.
Monthly Archives: November 2015
CVE-2015-7195 (firefox)
The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.
CVE-2015-7196 (firefox, firefox_esr)
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.
CVE-2015-7197 (firefox, firefox_esr)
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
CVE-2015-7198 (firefox, firefox_esr)
Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.
CVE-2015-7199 (firefox, firefox_esr)
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.
CVE-2015-7200 (firefox, firefox_esr)
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
Cisco Releases Security Updates for Web Security Appliances
Original release date: November 04, 2015
Cisco has released security updates to address multiple vulnerabilities in Web Security Appliances. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of the affected network device.
Users and administrators are encouraged to review the Cisco Security Advisories on the Command Injection, Range Request DoS, and Cache Reply DoS vulnerabilities and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Position your managed services business for success
It has been a busy time at AVG Business with our recent product releases and there is still more to come. As we roll out new tools and services, your feedback continues to be critical. Insight and comments from our channel partners and their clients help us continually raise the bar for security and managed IT business solutions.
So far, the response has been overwhelmingly positive.
Starting with our latest release of AVG Managed Workplace®, we’ve delivered the advantages of premium remote control at no additional cost and remote monitoring and management all in one platform.
We haven’t stopped there. Weeks later, we introduced our new, enterprise-class business security products that feature advanced protection. Last month, AVG also received a 100% detection rating of real-world malware and 100% detection of widespread malware from the Independent IT Security Institute, AV-TEST. Our business security products are based on this same AVG engine. This ‘double 100%’ result from AV-TEST demonstrates that our products are protecting SMBs without compromise whether the threat is new or a known malware variant that is widespread.
They say that good things come in threes, and now we’ve rolled out new onboarding training and support to help new partners get up to speed right away and established partners continue to drive growth for their managed services business.
The simple-to-follow onboarding services can be accessed through our partner portal, which was recently upgraded with a brand new user interface and easier navigation to give partners quicker access to the technology and knowledge they need to succeed.
If you’re not an AVG Business partner yet, sign up for a free 14-day trial today to check out the latest release of our Managed Workplace 9.2 product, the new services portal and onboarding tools.
Here’s a look at what you’ll find:
- A 12-month, 5-step success plan: Targeted business plans that help partners achieve monthly, quarterly or yearly milestones.
- AVG Accelerator Partner Academy: On-demand business and technical training to quickly onboard technical staff plus best practice tips and discussion on sales, marketing, business and channel operations.
- In-depth knowledge base: Frequently asked questions and information for troubleshooting issues.
- User forums: Community engagement and fast access to your peers for learning and networking.
- Sales and marketing materials: Ready-to-use content to sell AVG Managed Workplace and other AVG Business products.
But that’s not all. Coming soon, you will be able to access our new AVG Managed Services Pricing Calculator from our partner portal. This cool calculator can be used by AVG channel partners to help price their managed services, develop the desired contract margins and predict profitable monthly recurring revenue. It captures critical elements of client service: labor costs, business overhead and software licensing, onboarding and more.
These new updates are all part of our continuous effort to develop and improve upon the products and support we provide to our partners — an ongoing process that is informed by the valued feedback we receive from our growing network.
Below is just a sample of some of our most recent feedback:
“AVG Managed Workplace has completely changed how we do business. We really like it because we now have visibility on our clients’ networks. In many cases the automation feature detects and resolves an issue before something fails.” — Terry Johnson, Consultant, Infrastructure and Data Solutions, Experis
“As a value added reseller, we needed a partner that could help us create and implement solid security plans, and then deliver cost effective ongoing monitoring and maintenance of customer networks. The strength of AVG CloudCare’s cloud-based administration, integrated with the power of AVG Managed Workplace, was the answer.” — John Quatto, Channel Partner Manager, Zobrio
“Our partnership with AVG is taking our business to a whole new level. We have a complete portfolio to deliver, from the security aspect outwards. The antivirus side of our business has grown 96% year on year, and anti-spam 29%. And with hosting, Online Backup and social media services still largely untapped, the only problem is finding the time to follow up all the AVG-generated opportunities.” –Gordon Montgomery, Operations Director, MCC Computers
Visit http://www.avg.com/gb-en/partners to find out more about our AVG Business solutions and how we can help your business.
