Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can...

Mustang Panda targets European diplomats using enhanced PlugX backdoor

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...

Mozilla Foundation Security Advisory 2009-31

Mozilla Foundation Security Advisory 2009-31 Title: XUL scripts bypass content-policy checks Impact: Low Announced: June 11, 2009 Reporter: Wladimir Palant Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.11 Description Mozilla add-on developer and community member Wladimir Palant...

Firefox XUL scripts skip some security checks

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web...

XUL scripts bypass content-policy checks — Mozilla

Mozilla add-on developer and community member Wladimir Palant reported that content-loading policies were not checked before loading external script files into XUL documents. The severity of this problem would depend on the reasons behind the content policy check, which include privacy from "web...

Report warns of 'web bugs' and privacy violations

Researchers at the University of California, Berkeley’s School of Information has released a report showing that the most popular Web sites in the United States all share data with their corporate affiliates and allow third parties to collect information directly by using tracking beacons known a...