The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events.
Source: National Vulnerability Database
The Hackers’ Nightmare is here!
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.
Source: National Vulnerability Database
Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: National Vulnerability Database
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
Source: National Vulnerability Database
Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.
Source: National Vulnerability Database
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving “detection of JavaScript events and appropriate manipulation.”
Source: National Vulnerability Database
Espen sez, “In a move leading me to suspect they have hired laid-off lawyers from RIAA, Endnote (owned by Reuters) has sued GMU and Dan Cohen for the latest version of Zotero (a Firefox plugin that lets you save, annotate and academically reference articles you find online). This is an amazingly stupid market move: Suing an academic for making software for other academics because the software allows you to convert styles (which in turn were freely contributed by other academics) - when your main market is academics.” For my part, I’m going to refuse to use Reuters’ software in future, strongly discourage graduate students from buying EndNote, and try to get this message out to my colleagues too (at least those of them who aren’t using Zotero or some BibTex client already). If I taught any classes where Thomson printed relevant textbooks, I would be strongly inclined not to use these texts either. I encourage you to do the same (and, if you’re so minded, to suggest other possible ways of making it clear to Reuters that this kind of behaviour is intolerable in the comments). People have argued that the music industry has screwed up badly by suing its customers – whether that’s true or not, makers of academic bibliography software should be told that suing universities for what appear to be entirely legitimate actions is not likely to do their reputations any good. GMU sued for Zotero (Thanks, Espen!)…
Source: Boing Boing
Opera before 9.52 does not ensure that the address field of a news feed represents the feed’s actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.
Source: National Vulnerability Database
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.
Source: National Vulnerability Database
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to execute arbitrary code via unknown vectors in which Opera is launched by other applications.
Source: National Vulnerability Database