Opera Web Browser Multiple Security Vulnerabilities

Read More…
Source: Security Focus

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.

Read More…
Source: National Vulnerability Database

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

Read More…
Source: National Vulnerability Database

Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

Read More…
Source: National Vulnerability Database

twitter writes “PC World has released their year in review statistics and 2007 was not kind to Microsoft. IE 6 users are equally likely to move to Firefox as they are to IE7 and no one wants Vista. ‘How much of an accomplishment is it for a new version of Windows to get to 14 percent usage in 11 months? The logical benchmark is to compare it to the first eleven months of Windows XP, back in 2001 and 2002. In that period, that operating system went from nothing to 36 percent usage on PCWorld.com–more than 250 percent of the usage that Vista has mustered so far.’”Read more of this story at Slashdot.

Read More…
Source: Slashdot Org latest news headlines

- Gentoo Linux Security Advisory GLSA 200712-22 - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: December 30, 2007 Bugs: #202770 ID: 200712-22 - Synopsis Multiple vulnerabilities were discovered in Opera, allowing for the …

Read More…
Source: Full Disclosure

(CSO)An historic name in software will effectively pass into history in February as AOL discontinues development and active support for the Netscape browser, according to an official blog. AOL will keep delivering security patches for the current version of Netscape until Feb. 1, 2008, after which…

Read More…
Source: CSO Security

On Feb 1, 2008, AOL will withdraw support on all versions of the Netscape Browser. The company is now urging users to migrate to Firefox instead.

Read More…
Source: ActiveWin.com

Microsoft is queuing up a beta one release of Internet Explorer 8 for the first half of 2008 while beta 3 of upstart Firefox 3 hit the Web last week, just in time for the holidays.
And, the Mozilla folks behind Firefox last week also started talking about a new project, called Weave, to make it easier for developers to build dynamic applications and for users to control their personal data.
The goal is to furnish a set of basic, optional Mozilla-hosted online services and make sure people can set up their own services using open-standards tools, according to the Web site. The organization wants to demonstrate a “consistent model” for users who want to open up their browser metadata to friends and third-party applications. And, Mozilla.org wants to enable such sharing while also protecting privacy — using client-side encryption by default but allowing the user to delegate and control access rights.

Read More…
Source: ActiveWin.com

[ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities

Read More…
Source: Security Focus