Bala Krishna, Sergey Yakovlev Security Vulnerabilities

Firefox and Xulrunner vulnerabilities

Releases Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 9.04 Ubuntu 8.04 Packages firefox - safe and easy web browser from Mozilla firefox-3.0 - safe and easy web browser from Mozilla firefox-3.5 - safe and easy web browser from Mozilla xulrunner-1.9.1 - XUL + XPCOM application runner...

Security fix for the ALT Linux 5 package poppler5 version 0.12.4-alt0.M51.3

Oct. 20, 2010 Sergey V Turchin 0.12.4-alt0.M51.3 - fix...

Security fix for the ALT Linux 6 package kernel-image-hpc-skif version 2.6.32-alt24

Oct. 20, 2010 Sergey Bolshakov 2.6.32-alt24 - 2.6.32.24 - CVE-2010-3904...

SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:049

Check for the Version of...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Fixed in 15.0.874.121: [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120: [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. ...

Linux kernel vulnerabilities

Releases Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 9.04 Ubuntu 8.04 Ubuntu 6.06 Packages linux - Linux kernel linux-ec2 - Linux kernel for EC2 linux-source-2.6.15 - Linux kernel Details Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters....

SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:049

Check for the Version of...

Use-after-free error in nsBarProp — Mozilla

Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property...

Security fix for the ALT Linux 5 package poppler5 version 0.12.4-alt0.M51.2

Oct. 14, 2010 Sergey V Turchin 0.12.4-alt0.M51.2 - fix CVE-2010-3702,...

Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt6

Oct. 14, 2010 Sergey V Turchin 3.5.10-alt6 - CVE-2010-3702 CVE-2010-3704...

Microsoft Security Bulletin MS10-073 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)

Microsoft Security Bulletin MS10-073 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) Published: October 12, 2010 Version: 1.0 General Information Executive Summary This security update resolves several publicly disclosed vulnerabilities in the....

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)

Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)

Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)

Mozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)

Mozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)

Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products....

openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)

Mozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)

Mozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)

Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products....

Microsoft Security Bulletin MS10-061 - Critical Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)

Microsoft Security Bulletin MS10-061 - Critical Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) Published: September 14, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Print Spooler.....

Mozilla Foundation Security Advisory 2010-51

Mozilla Foundation Security Advisory 2010-51 Title: Dangling pointer vulnerability using DOM plugin array Impact: Critical Announced: September 7, 2010 Reporter: Sergey Glazunov Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird...

Mozilla Patches Firefox DLL Load Hijacking Bug

Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities (11 rated critical), including the publicly known DLL.....

Dangling pointer vulnerability using DOM plugin array — Mozilla

Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and....

Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The...

Google Pays $2K for Chrome Vulnerability

Google has paid out its highest sum yet, $2,000, for the discovery of a high-risk vulnerability found in its Chrome browser. The recipient is developer Sergey Glazunov, who found a DOM method-related means of circumventing the same origin policy. Read the full article. [The H...

VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)

About the security content of Safari 5.0 and Safari 4.1 * Last Modified: June 07, 2010 * Article: HT4196 [Email this article] [Print this page] Summary This document describes the security content of Safari 5.0 and Safari 4.1. For the protection of our customers, Apple does not disclose, discuss,.....

Last Week in Security

This was an amazingly busy news week in the security world, with a lot of major stories competing for your attention: Microsoft sharing pre-patch vulnerability data with foreign governments, IBM handing out certified pre-owned USB keys, Google spying on Wi-Fi users. If you missed anything, never...

Google in Apology Mode After WiFi Data Grab

Google co-founder Sergey Brin says the company “screwed up” when it equipped its world-roving Street View cars with software code that spent three years capturing personal data from open Wi-Fi networks. “Let me just say: We screwed up,” Brin told a room full of reporters this afternoon at the...

Security fix for the ALT Linux 8 package qt4 version 4.6.2-alt3

May 19, 2010 Sergey V Turchin 4.6.2-alt3 - update kde-qt patches - add cups fixes - add fixes for CVE-2010-0047 CVE-2010-0051 CVE-2010-0054 CVE-2010-0648 CVE-2010-0656 CVE-2010-0046 CVE-2010-0049 CVE-2010-0050 CVE-2010-0052 ...

Security fix for the ALT Linux 5 package qt4 version 4.5.3-alt3.M50P.1

May 19, 2010 Sergey V Turchin 4.5.3-alt3.M50P.1 - add fixes for CVE-2010-0046 CVE-2010-0049 CVE-2010-0050 CVE-2010-0052 CVE-2010-0047 CVE-2010-0054...

ID Theft Ring Suspect Caught in India

Sergey Storchak was detained after he landed in New Delhi on a domestic flight from the southwestern holiday state of Goa, a police spokesman said. He is one of 11 people wanted by the U.S. Justice Department in “the largest hacking and identity theft case ever prosecuted,” which was filed in...

Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt4

Dec. 24, 2009 Sergey V Turchin 3.5.10-alt4 - update to lastest branch 3.5 - Security fixes: - CVE-2009-0945 -...

Security fix for the ALT Linux 5 package netatalk version 2.0.5-alt1

Dec. 22, 2009 Sergey Kurakin 2.0.5-alt1 - 2.0.5: + fix CVE-2008-5718 + more...

Security fix for the ALT Linux 5 package poppler5 version 0.12.2-alt1

Dec. 11, 2009 Sergey V Turchin 0.12.2-alt1 - new version -...

Security fix for the ALT Linux 5 package poppler5 version 0.12.1-alt1

Oct. 19, 2009 Sergey V Turchin 0.12.1-alt1 - new version - add linker version script for libpoppler - security fixes: - CVE-2009-3608 ObjectStream integer...

Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt3

Oct. 19, 2009 Sergey V Turchin 3.5.10-alt3 - security fixes: -...

Outlook Web Access Attack Using Pushdo Botnet

Here are some technical details on the Outlook Web Access phishing scheme. 1. The Spam According to our preliminary research, the spam emails which attacked OWA users, including Kaspersky, were sent using the pushdo botnet – which is based on malware from the Backdoor.Win32.NewRes family. These...

The Malware Cash Factory

Over on our sister site Viruslist.com, researchers Sergey Golovanov and Igor Soumenkov have published an article that studies a single spam e-mail and illustrates the methods used by cyber criminals to create botnets and conduct mass spam mailings. The methods and techniques used are clearly...

Security fix for the ALT Linux 8 package qt4 version 4.5.2-alt6

Sept. 11, 2009 Sergey V Turchin 4.5.2-alt6 - add patch to fix CVE-2009-2700 - patch from kde-qt to add support for isOpen in mysql driver plugin - add patch from MDV to fix qmake wformat...

Security fix for the ALT Linux 5 package qt4 version 4.5.2-alt6

Sept. 11, 2009 Sergey V Turchin 4.5.2-alt6 - add patch to fix CVE-2009-2700 - patch from kde-qt to add support for isOpen in mysql driver plugin - add patch from MDV to fix qmake wformat...

Security fix for the ALT Linux 8 package kde4libs version 4.2.4-alt3

June 29, 2009 Sergey V Turchin 4.2.4-alt3 - CVE-2009-0945, CVE-2009-1690...

Security fix for the ALT Linux 9 package clamav version 0.95.2-alt1

June 22, 2009 Sergey Y. Afonin 0.95.2-alt1 - NMU - 0.95.2 (fixes: ALT#19770 ) (contains security fixes for CVE-2008-6680, CVE-2009-1241, CVE-2009-1270, CVE-2009-1371,...

Security fix for the ALT Linux 8 package clamav version 0.95.2-alt1

June 22, 2009 Sergey Y. Afonin 0.95.2-alt1 - NMU - 0.95.2 (fixes: ALT#19770 ) (contains security fixes for CVE-2008-6680, CVE-2009-1241, CVE-2009-1270, CVE-2009-1371,...

Security fix for the ALT Linux 10 package clamav version 0.95.2-alt1

June 22, 2009 Sergey Y. Afonin 0.95.2-alt1 - NMU - 0.95.2 (fixes: ALT#19770 ) (contains security fixes for CVE-2008-6680, CVE-2009-1241, CVE-2009-1270, CVE-2009-1371,...

Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability

No description provided by...

Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability

Exploit for unknown platform in category web...

Joomla! Component Akobook 2.3 - 'gbid' SQL Injection

...

Joomla Akobook 2.3 SQL Injection

...

Joomla! Component Akobook 2.3 - gbid SQL Injection

Joomla! Component Akobook 2.3 - gbid SQL...

CVE-2009-1354

Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the...