Browser Security News

MySpace Pushes Beyond Browser To TV

News — Thu, 08 Jan 2009 10:17:50 +0000

MySpace has launched a widget designed on the new Widget Channel TV application framework being co-developed by Intel and Yahoo!. The MySpace Widget for TV allows users to interact with MySpace directly from their TV extending the MySpace experience beyond the browser and making the traditional TV experience more social.
Other social networks will certainly develop their own applications; and while adoption of compatible TV sets will take time, combining social networking with broadcast TV creates a myriad of possibilities for music marketers. Fans could interact with the artist and each other during a concert picking the next songs or inviting more friends to watch, for example. More on the MySpace Widget for TV’s functionality:
The MySpace DockThe Widget Channel offers a dock mode where users can quickly gain access to the MySpace Widget at the bottom of their TV screens. The MySpace dock is a place for users to keep updated on notifications, with links to “My Profile”, “Messages”, “Friend Requests” and “Status Updates.” Users can open the MySpace sidebar for more information when updates are received by clicking on an icon.The MySpace SidebarOnce a user clicks on an icon in the MySpace dock, the MySpace sidebar is opened on their TV screen. The MySpace sidebar is an expanded interface where users can interact with MySpace in a richer environment. The MySpace sidebar allows users to navigate all functionality of the widget and is organized in a familiar, friendly way to MySpace users. The Widget lets users update their status and mood, view friend requests, read and respond to messages, receive friend updates, and browse profiles and photos.

Vuln: Multiple Vendor SizerOne ActiveX Control ‘AddTab’ Method Buffer Overflow Vulnerability

News — Thu, 08 Jan 2009 06:17:12 +0000

Multiple Vendor SizerOne ActiveX Control ‘AddTab’ Method Buffer Overflow Vulnerability

Read More…
Source: Security Focus

The Hackers’ Nightmare is here!

MS08-070 - Critical: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) - Version:1.1

News — Thu, 08 Jan 2009 05:17:27 +0000

Severity Rating: Critical - Revision Note: V1.1 (December 15, 2008): Added an entry in the section, Frequently asked questions (FAQ) related to this security update, announcing that Microsoft has released a cumulative update for Microsoft Visual Basic 6.0 Service Pack 6 (KB957924) that includes the update for Microsoft Visual Basic 6.0 Runtime Extended Files (KB926857) provided in this bulletin. This is an informational change only. There were no changes to the security update binaries in this bulletin.Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-078 - Critical: Security Update for Internet Explorer (960714) - Version:1.1

News — Thu, 08 Jan 2009 05:17:04 +0000

Severity Rating: Critical - Revision Note: V1.1 (December 18, 2008): Added unaffected server core notation for Windows Server 2008 for 32-bit Systems and Windows Server 2008 for x64-based Systems. Clarified the entry, in Frequently Asked Questions (FAQ) Related to This Security Update, about this out-of-band update and cumulative security updates for Internet Explorer. Finally, added an undo method for the workaround, Disable XML Island functionality.Summary: This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Googlepedia for Firefox brings Wikipedia to you

News — Thu, 08 Jan 2009 04:17:44 +0000

This Firefox add-on delivers Wikipedia entries to a Google search results page near you.

Vuln: Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability

News — Thu, 08 Jan 2009 03:18:21 +0000

Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability

Read More…
Source: Security Focus

The Hackers’ Nightmare is here!

Vuln: Mozilla Firefox URI Splitting Security Bypass Vulnerability

News — Thu, 08 Jan 2009 03:17:58 +0000

Mozilla Firefox URI Splitting Security Bypass Vulnerability

Read More…
Source: Security Focus

The Hackers’ Nightmare is here!

Vuln: Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability

News — Thu, 08 Jan 2009 03:17:38 +0000

Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow Vulnerability

Read More…
Source: Security Focus

The Hackers’ Nightmare is here!

Vuln: Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities

News — Thu, 08 Jan 2009 03:17:14 +0000

Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities

Read More…
Source: Security Focus

The Hackers’ Nightmare is here!

Vuln: Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption Vulnerability

News — Thu, 08 Jan 2009 02:17:12 +0000

Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption Vulnerability

Read More…
Source: Security Focus

The Hackers’ Nightmare is here!

SAP issues update to correct critical ActiveX flaw

News — Wed, 07 Jan 2009 21:17:31 +0000

A critical error in SAP’s graphical user interface could be exploited by an attacker to gain access to sensitive data and critical files.

Re: Firefox 3.0.5 remote vulnerability via queryCommandState

News — Wed, 07 Jan 2009 18:17:19 +0000

Sorry, something went wrong while copypasting the repro URL: ) AV-Read[0]@xul!JVMMaybeShutdownLiveConnect0xdbe0/repro.html Berend-Jan Wever On Wed, Jan 7, 2009 at 6:04 PM, Berend-Jan Wever wrote: > > > ) AV-Read[0]@xul!JVMMaybeShutdownLiveConnect0xdbe0/repro.html > > > How about giving some credit where it’s due? > > Cheers, > SkyLined > > …

Read More…
Source: Full Disclosure

The Hackers’ Nightmare is here!

Secunia Research: ComponentOne SizerOne ActiveX Control Buffer Overflow

News — Wed, 07 Jan 2009 16:17:57 +0000

Secunia Research 07/01/2009 - ComponentOne SizerOne ActiveX Control Buffer Overflow - Table of Contents Affected Software…………………………………………….1 Severity…………………………………………………….2 Vendor’s Description of Software……………………………….3 Description of Vulnerability…………………………………..4 Solution…………………………………………………….5 Time Table…………………………………………………..6 Credits……………………………………………………..7 References…………………………………………………..8 About Secunia………………………………………………..9 Verification………………………………………………..10 1) Affected Software * ComponentOne SizerOne 8.0.20081.140 …

Read More…
Source: Full Disclosure

The Hackers’ Nightmare is here!

Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow

News — Wed, 07 Jan 2009 16:17:38 +0000

Secunia Research 07/01/2009 - TSC2 Help Desk CTab ActiveX Control Buffer Overflow - Table of Contents Affected Software…………………………………………….1 Severity…………………………………………………….2 Vendor’s Description of Software……………………………….3 Description of Vulnerability…………………………………..4 Solution…………………………………………………….5 Time Table…………………………………………………..6 Credits……………………………………………………..7 References…………………………………………………..8 About Secunia………………………………………………..9 Verification………………………………………………..10 1) Affected Software * TSC2 Help Desk 4.1.8 …

Read More…
Source: Full Disclosure

The Hackers’ Nightmare is here!

Secunia Research: SAP GUI TabOne ActiveX Control Caption List Buffer Overflow

News — Wed, 07 Jan 2009 16:17:14 +0000

Secunia Research XX/XX/200X - SAP GUI TabOne ActiveX Control Caption List Buffer Overflow - Table of Contents Affected Software…………………………………………….1 Severity…………………………………………………….2 Vendor’s Description of Software……………………………….3 Description of Vulnerability…………………………………..4 Solution…………………………………………………….5 Time Table…………………………………………………..6 Credits……………………………………………………..7 References…………………………………………………..8 About Secunia………………………………………………..9 Verification………………………………………………..10 1) Affected Software * SAP GUI 6.40 Patch 29 …

Read More…
Source: Full Disclosure

The Hackers’ Nightmare is here!

Lightweight IMage-browser for PHP 3.0 (Default branch)

News — Wed, 07 Jan 2009 08:17:55 +0000

LIMP is a Lightweight Image browser for PHP. It
requires no database or complex setup; simply
upload and go. It supports “albums” in
subdirectories and generates thumbnails automatically.
License: GNU General Public License (GPL)
Changes:
Near-complete rewrite. New design and
implementation.

Read More…
Source: Freshmeat Daily News

The Hackers’ Nightmare is here!

Vuln: Mozilla Firefox xdg-open ‘mailcap’ File Remote Code Execution Vulnerability

News — Wed, 07 Jan 2009 01:17:37 +0000

Mozilla Firefox xdg-open ‘mailcap’ File Remote Code Execution Vulnerability

Read More…
Source: Security Focus

The Hackers’ Nightmare is here!

Vuln: Multiple Browser Marquee Denial of Service Vulnerability

News — Wed, 07 Jan 2009 01:17:17 +0000

Multiple Browser Marquee Denial of Service Vulnerability

Read More…
Source: Security Focus

The Hackers’ Nightmare is here!

Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 12/17/2008

News — Tue, 06 Jan 2009 19:17:04 +0000

Revision Note: December 17, 2008: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-078 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-078. The vulnerability addressed is the Microsoft XML Core Services Vulnerability - CVE-2008-4844.

Tumbarumba: a surreal fiction anthology in the form of a browser plugin

News — Tue, 06 Jan 2009 16:17:54 +0000

Ethan Ham sez, Turbulence.org recently released “Tumbarumba,” a project by Benjamin Rosenbaum and myself (Ethan Ham). Tumbarumba is an anthology in the form of a browser add-on. To read the stories, readers must stumble upon them while browsing the web. The browser add-on will occasionally insert a story fragment into a web page as it loads it. The result is a disorienting surreal sentence that sometimes is nonsensical and sometimes amusingly close making sense. If the reader spots the fragment, they can interact with it in a way that will cause the full story to appear—albeit in the format of the web page on which it was found. The authors in the anthology are: Haddayr Copley-Woods, Greg van Eekhout, Stephen Gaskell, James Patrick Kelly, Mary Anne Mohanraj, David Moles, John Phillip Olsen, Tim Pratt, Kiini Ibura Salaam, David J. Schwartz, Heather Shaw, Jeff Spock Tumbarumba (Thanks, Ethan!)…