Friday, November 30, 2012

Minor Firefox Update to Version 17.0.1


Mozilla released what appears to be a minor update to version 17.0.1.  There are no updates listed for version 17.0.1 on the Security Advisories page.

From the Release Notes:

  • 17.0.1: Font rendering issue in Firefox 17.0 (bug 814101)
  • 17.0.1: Reverted user agent change causing some website incompatibilities
  • 17.0.1: Leaving Private Browsing with Social API enabled should reset social components (814554)
  • Pointer lock doesn't work in web apps (769150)
  • Page scrolling on sites with fixed headers (780345)

    New:
  • First revision of the Social API and support for Facebook Messenger
  • Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, November 20, 2012

Mozilla Firefox 17 Released, Includes Security Updates



Firefox 17 was sent to the release channel today by Mozilla.  Included in the update are six (6) Critical, nine (9) High and one (1) Moderate security updates.

Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.

Security Updates Fixed in Firefox 17

    MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
    MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
    MFSA 2012-104 CSS and HTML injection through Style Inspector
    MFSA 2012-103 Frames can shadow top.location
    MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
    MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
    MFSA 2012-100 Improper security filtering for cross-origin wrappers
    MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
    MFSA 2012-98 Firefox installer DLL hijacking
    MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
    MFSA 2012-96 Memory corruption in str_unescape
    MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
    MFSA 2012-94 Crash when combining SVG text on path with CSS
    MFSA 2012-93 evalInSanbox location context incorrectly applied
    MFSA 2012-92 Buffer overflow while rendering GIF images
    MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

      What's New

      • NEW -- First revision of the Social API and support for Facebook Messenger
      • NEW -- Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
      The Release Notes include additional changes and fixed features in version 17.  As with previous versions 15, the update includes a long list of Bug Fixes, referenced below.

      Update

      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

      If you do not use the English language version, Fully Localized Versions are available for download.



      Tuesday, November 13, 2012

      Microsoft Security Bulletin Release for November 2012


      Microsoft released six (6) bulletins addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel.

      Three bulletins are identified as Critical, one as Important and one as Moderate.

      | Bulletin Number | Bulletin Title | Bulletin KB |
      |---|---|---|
      | MS12-071 | Cumulative Security Update for Internet Explorer | 2761451 |
      | MS12-072 | Vulnerabilities in Microsoft Windows | 2727528 |
      | MS12-073 | Vulnerabilities in Microsoft Windows | 2733829 |
      | MS12-074 | Vulnerabilities in Microsoft Windows .NET Framework | 2745030* |
      | MS12-075 | Vulnerabilities in Microsoft Windows | 2761226 |
      | MS12-076 | Vulnerabilities in Microsoft Office | 2720184 |

      *In the event you have had problems in the past with .NET Framework updates, it is suggested that you install MS12-074 (KB2745030) separately, including a shutdown/restart.

      Support

      The following additional information is provided in the Security Bulletin:



      Thursday, November 08, 2012

      Security Bulletin Advance Notice for November 2012

      On Tuesday, November 13, 2012, Microsoft is planning to release six (6) bulletins.

      Four bulletins are identified as Critical and address thirteen vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework.  Four vulnerabilities in Microsoft Office will be addressed in one bulletin rated Important.  The remaining bulletin rated Moderate will address two issues in Microsoft Windows.

      As I have advised in the past, if you have problems with .NET Framework updates, please install that update separately with a shutdown/restart following the update.

      As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.




      Wednesday, November 07, 2012

      Adobe Flash Player Critical Security Update



      Adobe Flash Player was updated to address security vulnerabilities.  These updates address a vulnerability that could cause the application to crash and potentially allow an attacker to take control of the affected system.


      Update Information

      The newest version for Windows and Macintosh is 11.5.502.110.  For Linux, the newest version is 11.2.202.251.

      Release date: November 6, 2012
      Vulnerability identifier: APSB12-24
      Priority: See table below
      CVE number: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280
      Platform: All Platforms

      Flash Player Update Instructions


      Flash Player for Windows, Macintosh and Linux

      Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

      Notes:
      • Users of Adobe AIR 3.5.0.600 for Windows and Macintosh should update to Adobe AIR 3.5.
      • Beginning with Adobe Flash Version 11.3, the universal 32-bit installer will include the 32-bit and 64-bit versions of the Flash Player.  
      • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
      • Uncheck any toolbar offered with Adobe products if not wanted.
      • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
      • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
      Adobe Flash Player for Android

      The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

      Verify Installation

      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

      Do this for each browser installed on your computer.

      To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.



      Saturday, November 03, 2012

      Report: Top Ten Vulnerabilities Exclude Microsoft Products

      Yes, you read the title correctly.  Kaspersky released their 2012 third quarter report of the top ten vulnerabilities and no Microsoft product is on the list.  The data in the report is based on vulnerable programs and files detected on the computers of KSN users.  There was an average of eight different vulnerabilities on each affected computer.

      Topping the list is Oracle Java, followed by Adobe products, particularly Adobe Flash Player.  Also included in the list are two Apple products, QuickTime and iTunes.  The list of vulnerabilities can be found on the Securelist, "IT Threat Evolution: Q3 2012", here.

      The takeaway?
      Don't be a statistic.  Stay safe and keep your computer updated.

      If your computer does get infected or you need assistance determining if it is up to date, post the requested logs for review in the Analysis and Malware Removal forum at LandzDown or in the Security Arena at Sysnative.com.

