ZDNet Must Read:
Microsoft confirms 'detailed' Windows 7 exploit
Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems -- Windows 7 and Windows Server 2008 R2.... Continued »
Category: Mozilla
November 18th, 2009
Mozilla locks out rogue Firefox add-ons
Mozilla has made a significant tweak to this Firefox 3.6 code base to block rogue add-ons from loading in the browser’s application components directory.
This will most certainly block developers and software vendors from silently installing Firefox add-ons without explicit user permission. It will also significantly reduce browser crashes linked to third-party add-ons, Mozilla said. Read the rest of this entry »
October 28th, 2009
Opera browser dinged by code execution flaw
Mozilla isn’t the only alternative browser maker struggling with serious security problems.
On the same day Mozilla shipped a Firefox update to fix multiple critical vulnerabilities, Opera dropped a major patch to fix three documented flaws, including a memory corruption issue that exposes users to code execution attacks. Read the rest of this entry »
October 28th, 2009
Firefox hit by multiple drive-by download flaws
Mozilla’s flagship Firefox browser is vulnerable to at least 11 “critical” vulnerabilities that expose users to drive-by download attacks that require no user interaction beyond normal browsing.
The open-source group shipped Firefox 3.5.4 with patches for the vulnerabilities, which range from code execution risk to the theft of information in the browser’s form history. Read the rest of this entry »
October 19th, 2009
Microsoft: Human error caused critical SMB2 vulnerability
Microsoft is blaming human error for one of the critical SMB v2 vulnerabilities that exposed Windows users to remote code execution attacks and argues that it’s near impossible to catch these types of bugs with existing code review tools and techniques.
According to a post-mortem of the issue by Redmond security guru Michael Howard (right), the company detected the vulnerable code “very late” in the Windows 7 development process but argued that there are no static analysis tools or SDL requirements that would spot this type of human error.
October 19th, 2009
Mozilla blocks (then unblocks) dangerous MS .NET Firefox add-on
FINAL UPDATE: In the Threatpost podcast above, Mozilla’s Mike Shaver explains what happened (.mp3)
[ UPDATE: Mozilla has now removed the extension from the blocklist after Microsoft clarified some information in its bulletin on how Firefox users were affected. I'll attempt to get to the bottom of what appears to be a case of miscommunication ]
Mozilla has added the Microsoft .NET Framework Assistant add-on to its blacklist, a move that effectively disables the dangerous extension and plug-in for all Firefox users.
The move comes in the wake of an admission from Microsoft that the add-on was exposing users to drive-by malware downloads via a remote code execution vulnerability. Read the rest of this entry »
October 16th, 2009
Podcast: Inside the OWA attacks, Patch Tuesday wrap-up
In this podcast with Threatpost co-editor Dennis Fisher, I discuss the recent Outlook Web Access phishing attacks, the Microsoft/Adobe patchapalooza and the true extent of the botnet/malware epidemic. Listen here.
October 16th, 2009
Microsoft exposes Firefox users to drive-by malware downloads
Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads. Read the rest of this entry »
October 9th, 2009
Mozilla 'Plugin Check' keeps Firefox add-ons secure
Mozilla has expanded its Plugin Check service to provide an easy way for Firefox users to pinpoint browser add-ons that might be vulnerable to hacker attacks.
The new service, available here, effectively scans the browser for all installed plug-ins and provides one-click options to apply patches if an outdated plugin is found. Read the rest of this entry »
September 17th, 2009
Firefox Flash patch nudge working, but...
Mozilla’s move to nudge Firefox users into updating the browser’s Flash Player plug-in is being hailed as a “phenomenal” success with about 10 million users clicking through to the Web page with Adobe’s patch.
Mozilla released some brief statistics to track the success of its new program, which serves up a visual warning to Firefox users if their version of the ever-present Adobe Flash Player plug-in is out of date. The program started last week with the releases of Firefox 3.5.3 and Firefox 3.0.14.
September 9th, 2009
Mozilla patches 'drive-by download' security flaws
Mozilla has released a new version of its flagship Firefox browser to fix 10 vulnerabilities that put Web surfers at risk of code execution attacks.
The Firefox 3.5.3 update — available for Windows, Mac and Linux users — patches security holes that could allow drive-by download attacks if a user simply surfs to a booby-trapped Web site.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
- The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
- VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
Recent Entries
- Opera patches ‘extremely severe’ security hole
- Exploit published for critical IE 7 zero-day flaw
- Inside the Google Chrome OS security model
- Microsoft finds security hole in Google Chrome Frame
- Mozilla locks out rogue Firefox add-ons
Blogs From Our Sponsors
Most Popular Posts
- Microsoft confirms 'detailed' Windows 7 exploit
- Thousands of web sites compromised, redirect to scareware
- Windows 7's default UAC bypassed by 8 out of 10 malware samples
- Which antivirus is best at removing malware?
- Mac OS X mega patch covers 58 security vulnerabilities
- Microsoft patches Windows worm holes, drive-by download flaws
Top Rated
- Facebook password-reset spam is Bredolab botnet attack+46 votes
- Thousands of web sites compromised, redirect to scareware+43 votes
- Microsoft confirms 'detailed' Windows 7 exploit+43 votes
- Firefox hit by multiple drive-by download flaws+41 votes
- Which antivirus is best at removing malware?+39 votes
- iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
- New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
- Mac OS X mega patch covers 58 security vulnerabilities+26 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Reduce risk. Reduce complexity. Increase reliability.
-
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
> Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
Archives
Favorite Links
ZDNet Blogs
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- Rational Rants
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- Improve Performance in SAP Application Environments Quest Software With the exploding growth of data, the typical DBA must spend a ... Download Now
- Get top-ranked Novell support for Red Hat at 50% less Novell A simplified IT environment isn't just less complex, it's more reliable. ... Download Now
- A Formal Performance Tuning Methodology: Wait-based Tuning Quest Software Are you effectively testing an application's performance BEFORE it reaches ... Download Now
Enterprise Applications
- Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
- New Online Dashboard
-
- Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline
-
