Browsing Category: Vulnerabilities

Categories: Vulnerabilities

According to a Patch Tuesday advance notice from Microsoft, there will be three security bulletins released on March 10, one rated critical.

The other two bulletins are rated “important” and can expose Windows users to spoofing attacks. All supported versions of Windows will be affected by next Tuesday’s releases, including the newer Windows Vista and Windows Server 2008.


The open-source Mozilla group has released Firefox 3.0.7 with fixes for at least eight security flaws, some rated critical.

The most serious of the vulnerabilities could be exploited by attackers to run code and install software, requiring no user interaction beyond normal browsing, Mozilla warned in a series of security advisories.


The two most highly publicized vulnerability disclosures last year also were the most highly criticized disclosures: Dan Kaminsky’s DNS bug and the SSL flaw discovered by a group of independent and academic researchers. The two events played out in similar fashions, with some details coming out in advance of the full disclosures, a partial disclosure, if you will. And that’s where the trouble started.


Charlie Miller, the security researcher who won last year’s Pwn2Own hacker contest, is predicting that Apple’s Safari browser will be the easiest target this year.
In a note posted on the popular Daily Dave mailing list, Miller describes Safari as “easy pickin’s” and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month.


Opera Software has shipped a high-priority security patch for its flagship Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting attacks.
The Opera 9.64 upgrade also adds support for DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), two anti-exploitation mechanisms that help to limit the damage from malware attacks on the Windows platform.


The open-source PHP Group has issued a patch for at least four security flaws in the widely-used general-purpose scripting language.
With PHP 5.2.9 (see announcement), the PHP development team corrects a total of 50 bugs, including a publicly-known flaw that allows attackers to read the contents of arbitrary memory locations in certain situations.
