Opera Malicious HTML Processing Denial of Service Vulnerability
>> Advertisement <<
ALERT: “How A Hacker Launches A Blind SQL Injection Attack Step-by-Step”!” - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=701600000004c29

Read More…
Source: Security Focus

Vulnerabilities were identified in third-party trouble-shooting ActiveX controls, developed by SupportSoft. Two of these controls were signed, shipped and installed with the identified versions of Symantec s consumer products and as part of the Symantec Automated Support Assistant support tool. The vulnerability identified in the Symantec shipped controls could potentially result in a stack overflow requiring user interaction to exploit. If successfully exploited this vulnerability could potentially compromise a user s system possibly allowing execution of arbitrary code or unauthorized access to systemassets with the permissions of the user s browser.

Read More…
Source: Security Team

Mozilla Network Security Services Library Remote Denial of Service Vulnerability

Read More…
Source: Security Focus

IPIX Image Well ActiveX Controls Multiple Buffer Overflow Vulnerabilities

Read More…
Source: Security Focus

As the MIX 07 show approaches (I’ll be there Sunday/Monday, then giving a talk at UC Berkeley on Tuesday), I’ve been focusing on what might seem like trailing-edge issues. Last night, for example, I was up way too late rewriting my cross-browser LibraryLookup script — partly to fix a bug, but partly to improve my […]

Read More…
Source: Jon Udell

Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors.

Read More…
Source: National Vulnerability Database

CRLF injection vulnerability in the Digest Authentication in Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (
) in the username attribute.

Read More…
Source: National Vulnerability Database

CRLF injection vulnerability in the Digest Authentication in Mozilla Firefox 2.0.0.3 allows remote attackers to conduct HTTP response splitting attacks via a LF (
) in the username attribute.

Read More…
Source: National Vulnerability Database

The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this to as a memory leak, but it is not certain.

Read More…
Source: National Vulnerability Database

This is your guide to building Internet applications and user interfaces with the Mozilla component framework, which is best known for the Firefox web browser and Thunderbird email client. Programming Firefox demonstrates how to use the XML User Interface Language (XUL) with open source tools in the framework’s Cross-Platform Component (XPCOM) library to develop a variety of projects, such as commercial web applications and Firefox extensions.

Read More…
Source: O’Reilly: New Books