mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-63...

Auto-update compromise through DNS and SSL spoofing — Mozilla

The Firefox and Thunderbird auto-update mechanism protects itself against DNS spoofing using SSL; only a site presenting a valid certificate for aus2.mozilla.org will be trusted as a source of update information. Jon Oberheide points out, however, that many users accept unverifiable self-signed...

[Full-disclosure] [TZO-042006] Insecure Auto-Update and File execution

Zango Adware - Insecure Auto-Update and File execution Reference : TZO-042006-Zango Author : Thierry Zoller Advisory : http://secdev.zoller.lu/research/zango.htm Shameless Plug : I would like to take the opportunity to invite you to the Security Conference known as "Hack.lu 2006" in the Grand-Duc...

Toshiba Software Auto-Update Detection

Binary data 2296.prm...

CVE-1999-1526

The CVE-1999-1526 entry concerns Macromedia Shockwave 7’s auto-update feature, which transmits a user’s password and hard disk information back to Macromedia. The document indicates this affects confidentiality (partial impact) with no stated impact to integrity or availability and does not speci...