Archive for 'Uncategorized' Category
Firefox 2.0.0.12 is now available
8 February 2008Firefox 2.0.0.12 is now available. This security update addresses the directory traversal issue described here and here. Details for this release are available at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12
Vulnerability in Apple QuickTime
27 November 2007Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3. An attacker can lure a victim to load a web page with an embedded media object or a file in an email, triggering a bounds checking error in QuickTime that may allow execution of arbitrary code. This issue impacts QuickTime on Windows and […]
Firefox 2.0.0.8 now available
19 October 2007Firefox 2.0.0.8 was released yesterday as part of our continuing efforts to improve the security of the web browser. This security update contains fixes for security issues described here and an additional mitigation for Windows URI handling security issues. Please be sure to update your installation of Firefox when automatic update asks, or to get […]
Meet the Mozilla Security Group
1 October 2007How can Mozilla be open about security issues without exposing users to additional risk?
Being open about security issues means that users have the information they need to understand their risk, that the community can contribute to the security process, and that other software development projects can benefit from our experiences. Unfortunately, sharing the details of […]
Quicktime to Firefox issue
12 September 2007Issue
Petko D. Petkov identified an issue in Quicktime that allows an attacker to execute arbitrary code.
Impact
If Firefox is the default browser when a user plays a malicious media file handled by Quicktime, an attacker can use a vulnerability in Quicktime to compromise Firefox or the local machine. This can happen while browsing or by […]
August BaySec is Tonight
20 August 2007Time again to rally the infosec professionals for drinks at O’Neill’s. See you there.
http://www.sockpuppet.org/baysec/