Security Garden

Wednesday, March 25, 2015

Pale Moon Moon Update To Address pwn2own Contest Vulnerability

Tweet This

Pale Moon
Pale Moon has been updated to version 25.3.1 to address a critical vulnerability discovered in the HP Zero Day Initiative's Pwn2Own contest.  Only one vulnerability discovered applied to Pale Moon.

From the Release Notes:


Security fix:
  • Fixed security vulnerability CVE-2015-0818. This vulnerability would allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

    Additional Fix:
    • Fixed IPv6 DNS resolution regression in some less common cases.

    Minimum system Requirements (Windows):
    • Windows Vista/Windows 7/Windows 8/Server 2008 or later
    • A processor with SSE2 support
    • 256 MB of free RAM (512 MB or more recommended)
    • At least 150 MB of free (uncompressed) disk space
    Pale Moon includes both 32- and 64-bit versions for Windows:
    Other versions:

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.



      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...








      Saturday, March 21, 2015

      Updated Security Fix Released in Mozilla Firefox Version 36.0.4

      Tweet This


      Firefox
      Mozilla sent Firefox Version 36.0.4 and Firefox ESR 31.5.3 to the release channel to repair the incomplete version of this fix that was shipped in Firefox 36.0.3, resulting from the HP Zero Day Initiative's Pwn2Own contest. The update includes one (1) revised critical security update.

      Fixed in Firefox 36.0.4

      • 2015-28 Privilege escalation through SVG navigation

      Update

      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References

      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...




      Mozilla Firefox Version 36.0.3 Released with Critical Security Updates

      Tweet This


      Firefox
      Mozilla sent Firefox Version 36.0.3 and Firefox ESR 31.5.2 to the release channel to fix security issues disclosed at the HP Zero Day Initiative's Pwn2Own contest. The update includes two (2) critical security updates.

      It appears that version 36.0.2 has been skipped in order to release the critical updates.

      Fixed in Firefox 36.0.3

      • 2015-29 Code execution through incorrect JavaScript bounds checking elimination
      • 2015-28 Privilege escalation through SVG navigation

      Update

      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References

      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...