Your news resource for Internet Explorer, Firefox, Opera and Safari security news vulnerabilities, virus and other important information.
Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.
Read More…
Source: National Vulnerability Database
The newest version of Minimo, the Mozilla mobile browser, became available this week in the midst of changes within the Minimo project that make its future uncertain.
Read More…
Source: Network World
TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution March 30, 2007 — CVE ID: CVE-2006-5820 — Affected Vendor: America Online — Affected Products: America Online 9.0 Security Edition — TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this …
Read More…
Source: Full Disclosure
TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability
Read More…
Source: Security Focus
(InfoWorld) - The newest version of Minimo, the Mozilla mobile browser, became available this week in the midst of changes within the Minimo project that make its future uncertain.
Minimo 0.2, available for free download, is compatible with Windows Mobile 5.0 and is smaller and faster than previous versions, according to early users who posted comments to the blog about the browser. Minimo is designed to be an alternative to the browser that comes with Windows Mobile, and its creators promote its speed in accessing sites as well as other features like tabs, better security and support for widgets.
The Minimo project, which isn’t a Mozilla endeavor but is hosted by Mozilla.org, was one of the earliest third-party mobile browser initiatives but seems to have been eclipsed by other developers, including Opera.
In 2004, when Minimo seemed promising, Nokia made a financial investment in the initiative. But around the middle of 2004, users were posting questions to the Minimo forum asking if the project was still alive. By the following year, Nokia announced that it was developing its own browser using open-source components from Apple’s Safari browser that would be used in its future smartphones.
Now, even after the most recent release, the future of Minimo is unclear. In late December, Doug Turner, the leader of the project, wrote that he wouldn’t be dedicating much time to it in the future. “There are lots of browsers in the space, the market is tightly controlled by cellular operators, and the end users aren’t using the browser,” he wrote on his blog. “This will change, but not for a few years.”
But while Minimo struggles, Opera, which also offers a free browser for phones, including those running the newest OS from Microsoft, Windows Mobile 6.0, has been attracting more and more users. In February, there were 216,283 downloads of Opera’s browser for Windows Mobile Smartphone and Pocket PC editions, up from 142,502 in the same month last year, Opera said.
Minimo may end up heading in a different direction in order to better compete. “At the Firefox Summit, we had a brainstorming session that exposed some ideas that would help improve the lives of Firefox users who have mobile phones without having to build a full browser for the mobile handset. Things that we could do in a few months, rather than many years,” Turner wrote in the blog posting. He plans to continue flushing out these ideas in the coming months.
Both Minimo and Opera face renewed competition from Microsoft, which just this week began previewing new technology that could be included in future versions of its mobile browser.
Read More…
Source: InfoWorld
US-CERT is aware of reports of malware using social engineering to propagate. Spam appearing to come from “admin@microsoft.com” contains a link to a malicious file that claims to be an installer for Internet Explorer 7. Typically the file is named “IE7.0.exe” and if executed installs a rootkit on the target machine.US-CERT encourages users to take the following preventative measures to help mitigate this risk:
Do not follow unsolicited links in email messages.
Install anti-virus software, and keep its virus signature files up-to-date.
Review the Reducing Spam Cyber Security Tip.
Review the Avoiding Social Engineering and Phishing Attacks
Cyber Security Tip.
US-CERT will continue to investigate and provide additional information as it becomes available.
Read More…
Source: US CERT
A new scam email is enticing users to click on a malicious executable file disguised as a bogus image link to download Internet Explorer 7 beta 2.
Read More…
Source: SC Magazine
VeriSign began detecting an animated cursor (ANI) buffer overflow exploit that targets Windows Explorer, Internet Explorer or solutions that use components of IE. This affects IE 6 and 7 running on Windows XP SP2. The malware also appears to be able to affect Windows 2000 systems.
Read More…
Source: Network and Infrastructure Blogs
Hot off the heels of Microsoft’s announcement to back the ZenZui Zooming User Interface, the software giant unveils its own mobile Web browser.
Read More…
Source: InfoSync World
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7.
Read More…
Source: National Vulnerability Database