vulnerability

Adobe issues fix for zero-day Reader vulnerability

Adobe Systems on Tuesday issued a security update to fix a critical vulnerability in Adobe Reader 9 and Acrobat 9 that could allow an attacker to take complete control of a computer and for which exploits had been reportedly found in the wild for nearly two months.

Adobe alerted users about the vulnerability more than two weeks ago and promised to have a security update for it by March 11.

Basically, attackers can take advantage of a hole on unpatched systems to overwrite memory with a buffer overflow and install a backdoor through which to control the system remotely.

In its advisory, …

Report: Firefox buggier, but issued fixes quicker

Mozilla reported more vulnerabilities in its Firefox Web browser last year than Internet Explorer, Safari, and Opera combined, but Mozilla dealt with those flaws quicker than Microsoft, according to a new report by vulnerability-testing company Secunia.

Firefox had 115 reported flaws in 2008, nearly four times as many as every other popular browser, and nearly twice as many as Microsoft and Apple combined, according to browser vulnerability research (PDF) released this week. In comparison, Microsoft reported 31 flaws in IE, Apple reported 32 in Safari, and Opera reported 30.

However, the report found that Mozilla was quicker to patch …

Firefox 3.0.7 targets security issues

Mozilla on Wednesday released an update to the Firefox Web browser that its developers said fixes eight security issues found in Firefox 3.0.6, six of which were rated critical.

The most serious of the vulnerabilities fixed in version 3.0.7 for Windows, Mac, and Linux could allow attackers to run arbitrary code on a victim's computer, Mozilla warned in security advisories Wednesday.

The six critical flaws affect the browser's garbage collection--which monitors how Firefox modules use the computer's memory--as well as the browser's PNG libraries and the layout and JavaScript engines.

Mozilla …

Opera belts out critical security update

Opera on Tuesday released a critical security update, designed to fix vulnerabilities in its browser that could allow malicious attackers to use an altered JPEG to take control of a user's system.

The update for Opera version 9.64 is designed to address security vulnerabilities in earlier versions of Opera 9.

The vulnerabilities were found in Opera's plug-ins, which when exploited via a maliciously crafted JPEG image could cause Opera to corrupt memory and crash, potentially resulting in execution of arbitrary code and cross-site scripting, Opera noted in its advisory.

Security software company Secunia rates the vulnerabilities as …

Adobe warns of critical, unpatched security flaw

Update at 8:45 a.m. PST: Information from security firm Symantec added.

Attackers are making the rounds and exploiting a critical security flaw in Adobe Reader 9 and Acrobat 9.

Earlier versions of the PDF-related software are also affected by the critical security flaw, which could cause the applications to crash and potentially let an attacker gain control of a person's computer, Adobe Systems warned Thursday.

Reports also surfaced that attackers have developed an exploit and are taking advantage of the flaw, the company said.

Adobe has yet to develop an update to address the vulnerability but noted …

Firefox 3.0.6 targets security issues

Mozilla on Tuesday released an update to Firefox for Windows, Mac, and Linux that its developers said addresses several security and stability issues in the Web browser.

Version 3.0.6 fixes six bugs, the worst of which is a JavaScript issue affecting the browser's layout engine that developers labeled as critical. The vulnerability, which also affects Mozilla's Thunderbird e-mail client and SeaMonkey Internet Suite, could allow an attacker to run unauthorized code on exploited machines, Mozilla said.

The update improves how scripted commands, such as those included with Adblock Plus, work with plug-ins. It also addresses display …

IBM report: Vulnerabilities still going unpatched

More than half of the security vulnerabilities disclosed during 2008 had no patches available from the vendor by the end of the year, according to a report released on Monday by IBM's X-Force research group.

Meanwhile, 46 percent of vulnerabilities from 2006 and 44 percent from 2007 still had no patch by the end of 2008, the 2008 X-Force Trend and Risk report said. X-Force documented a record number of 7,406 new vulnerabilities last year.

Overall, Microsoft is the vendor that tops the list in percentage of vulnerabilities disclosed, the report said. The Macintosh and base Linux kernel …

Apple issues critical security update for QuickTime

Apple has issued a critical security update for QuickTime media player, aimed at resolving vulnerabilities that could potentially allow a malicious attacker to take control of a person's computer, according to an Apple advisory released this week.

People running QuickTime 7 for Windows and for Mac OS X are affected, as well as those who are using Mac OS X 10.4 or Mac OS X 10.5, according to Apple.

Apple is advising people to update to QuickTime 7.6 for Windows, QuickTime 7.6 for Leopard, or QuickTime 7.6 for Tiger.

The update seeks to address …

RIM issues security patches for BlackBerry

Research In Motion issued on Monday interim patches to address critical security flaws in BlackBerry software.

The flaws affect BlackBerry Enterprise Server software version 4.1 Service Pack 3 through Service Pack 6. The BlackBerry Professional Software 4.1 Service Pack 4 is also affected, RIM notes in its security advisory.

RIM is asking corporate customers to install an interim patch for the BlackBerry Enterprise Server and an interim patch for the BlackBerry Professional Software.

RIM also advises BlackBerry users to open PDF attachments only from "trusted sources." The company notes in its security advisory:

Multiple security vulnerabilities …

Microsoft denies vulnerability in Windows Media Player

Updated: at 10 a.m. January 5 to correct alleged vulnerability to denial of service.

Microsoft on Monday denounced reports that a vulnerability exists in Windows Media Player that could pose a security risk for users.

Microsoft said in a company blog post that it had investigated reports that surfaced on the Internet last week and found them to be "false." The flaw is a "reliability issue with no security risk to customers," the company said on its Security Vulnerability Research & Defense blog.

The investigation followed claims published Wednesday on the Bugtraq security mailing list by …