Browser Security News

Cellulant to launch Mobile-XL browser in Kenya

News — Tue, 18 Nov 2008 12:17:13 +0000

Mobile-XL of California has partnered with Cellulant Kenya to allow mobile-phone users to download links for the XLBrowser via SMS.

CVE-2008-3623 (safari)

News — Tue, 18 Nov 2008 03:18:22 +0000

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.

Read More…
Source: National Vulnerability Database

The Hackers’ Nightmare is here!

CVE-2008-3644 (safari)

News — Tue, 18 Nov 2008 03:18:06 +0000

Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser’s page cache.

Read More…
Source: National Vulnerability Database

The Hackers’ Nightmare is here!

CVE-2008-4216 (safari)

News — Tue, 18 Nov 2008 03:17:48 +0000

The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that “launch local files.”

Read More…
Source: National Vulnerability Database

The Hackers’ Nightmare is here!

[ MDVSA-2008:230 ] firefox

News — Tue, 18 Nov 2008 03:17:15 +0000

Mandriva Linux Security Advisory MDVSA-2008:230 Package : firefox Date : November 17, 2008 Affected: 2009.0 Problem Description: Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.4 (CVE-2008-0017, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, …

[USN-667-1] Firefox and xulrunner vulnerabilities

News — Tue, 18 Nov 2008 00:17:15 +0000

Ubuntu Security Notice USN-667-1 November 17, 2008 firefox, firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 …

Bugtraq: Opera 9.6x file:// overflow

News — Mon, 17 Nov 2008 21:17:16 +0000

Opera 9.6x file:// overflow

Tab tearing live in latest Firefox test build

News — Mon, 17 Nov 2008 19:18:28 +0000

Want that cool tab tear-away feature found in Chrome and Safari? It’s coming to Firefox very soon–and is already working in a test build.

Vuln: GungHo LoadPrgAx ActiveX Control Unspecified Vulnerability

News — Mon, 17 Nov 2008 19:17:20 +0000

GungHo LoadPrgAx ActiveX Control Unspecified Vulnerability

Sleipnir browser upgraded, adds European languages

News — Mon, 17 Nov 2008 18:17:13 +0000

An early preview of the next major version of Sleipnir, the highly-customizable Web browser developed by Japan’s Fenrir, has been released and chief among the updates is support for additional European languages.

Stallman Unsure Whether Firefox Is Truly Free

News — Mon, 17 Nov 2008 15:18:36 +0000

Slatterz writes “Among the theories Stallman bandies about in this Q&A, are: Facebook may not share private data to the CIA, Firefox isn’t really “free software”, and his dreams of a day where nobody is involved in developing or promoting proprietary software. Agree or disagree?”Read more of this story at Slashdot.

Read More…
Source: Slashdot Org latest news headlines

The Hackers’ Nightmare is here!

verypdf-activex.txt

News — Mon, 17 Nov 2008 00:17:09 +0000

VeryPDF PDFView OCX Active-X related OpenPDF heap overflow proof of concept exploit.

Apple Quietly Releases Safari 3.2

News — Sun, 16 Nov 2008 14:18:14 +0000

99BottlesOfBeerInMyF writes “Yesterday Apple quietly slipped out an update to their Safari Web browser to version 3.2. The notable feature is that it finally adds anti-phishing technology, an area where Safari has lagged behind competitors. Aside from that, it provides some security fixes, improved JavaScript performance, and a slightly newer version of Webkit, pulling their Acid3 score up to 77.” Apple forums across the Net are reporting frequent crashes in Safari 3.2, some possibly caused by 3rd-party add-ons, others perhaps related to the anti-phishing feature.Read more of this story at Slashdot.

Read More…
Source: Slashdot Org latest news headlines

The Hackers’ Nightmare is here!

Apple plays catch-up, adds anti-fraud safeguard to Safari

News — Sat, 15 Nov 2008 11:17:09 +0000

Apple Friday added anti-phishing protection to Safari, the last major browser to receive the feature that blocks known identity-stealing sites. The company also patched 11 security bugs in the program, the bulk of them specific to the Microsoft Windows version.

SA08-319A: Mozilla Updates for Multiple Vulnerabilities

News — Sat, 15 Nov 2008 01:17:08 +0000

Mozilla Updates for Multiple Vulnerabilities

Security Updates for Mozilla Firefox and SeaMonkey

News — Fri, 14 Nov 2008 22:18:52 +0000

From the Patch dept.:
Mozilla Firefox 3.0.4, Mozilla Firefox 2.0.0.18 and SeaMonkey 1.1.13 have been released. These releases contain several critical security updates, which include patches for crashes and remote code execution. All users are encouraged to update to the latest versions.
NEW! Learning Center (Sponsored by IBM)WEBCAST: Offshore software development: Making it a success with agile practices. Register Now.DOWNLOAD: Download the IBM pureXML Developers Kit

Read More…
Source: Open Source Directory :: OSDir.com

The Hackers’ Nightmare is here!

Apple Goes Bug-Hunting in Safari 3.2

News — Fri, 14 Nov 2008 22:18:15 +0000

New browser release fixes 11 flaws and adds new security features.

Read More…
Source: internetnews.com: Top News

The Hackers’ Nightmare is here!

Apple Goes Bug-Hunting in Safari 3.2

News — Fri, 14 Nov 2008 22:18:15 +0000

New browser release fixes 11 flaws and adds new security features.

Apple Releases Security Updates for Safari

News — Fri, 14 Nov 2008 21:17:31 +0000

Apple has released Safari 3.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.US-CERT encourages users to review Apple Article HT3298 and apply any necessary updates.

SA08-319A: Mozilla

News — Fri, 14 Nov 2008 21:17:07 +0000

Mozilla