Mozilla closes numerous critical holes in Firefox 16 [Update]

The h-online: Following the recent Firefox 16 release, Mozilla has now detailed all of the security fixes in the new version of its open source web browser as well as in the Thunderbird news and email client. Version 2.13 of the SeaMonkey “all-in-one internet application suite” has also received fixes. In addition to adding new features, version 16.0 of Firefox closes a total of 14 security holes, 11 of which are rated as “Critical” by the project....

October 12, 2012 · 3 min · 456 words

Microsoft's September Patch Tuesday closes important XSS holes

h-online: On its September Patch Tuesday, Microsoft released two security updates that are rated as important and which close holes in Visual Studio Team Foundation Server 2010 (TFS) and Systems Management Server 2003 and 2007. Both updates fix cross-site scripting (XSS) vulnerabilities in the web interfaces that allow attackers to execute arbitrary code in the victim’s browser. As the holes enable an attacker to access the web interfaces at the user’s privilege level, Microsoft has classified them as privilege escalation vulnerabilities....

September 12, 2012 · 2 min · 239 words

Symantec releases Norton 2013 security suites

BetaNews: Symantec has released brand new versions of its Norton security packages for Windows, Norton Anti-Virus 2013, Norton Internet Security 2013 and Norton 360 2013. It’s the first time all three packages have been updated simultaneously, while the branding has also been amended to remove all references to a date, simply naming each Norton Anti-Virus, Norton Internet Security and Norton 360, respectively. The 2013 versions come with what Symantec describes as “five layers of patented protection”, which include stronger social networking and anti-scam protection....

September 7, 2012 · 3 min · 508 words

Oracle rushes out patch for critical 0-day Java exploit

TheRegister: In an uncommon break with its thrice-annual security update schedule, Oracle has released a patch for three Java 7 security flaws that have recently been targeted by web-based exploits. “Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible,” Eric Maurice, the company’s director of software security assurance, said in a blog post published on Thursday. Maurice said that the vulnerabilities patched only affect Java running in browsers, and not standalone desktop Java applications or Java running on servers....

August 31, 2012 · 2 min · 370 words

Download Firefox 15 and Thunderbird 15!

Cross-copied from BetaNews: Mozilla has quietly placed major new versions of its open-source, cross-platform web browser and email client onto its download servers ahead of an official release. Firefox 15 FINAL benefits largely from behind-the-scenes performance tweaks, while Thunderbird 15 FINAL introduces a few new features, including a new curvy user interface. Firefox 15 FINAL’s most notable changes are performance-based. There’s faster startup on Windows PCs, plus incremental garbage collection and better management of plugins to prevent memory leaks....

August 28, 2012 · 3 min · 505 words

Adobe Flash Player update patches six critical holes

h-Online: Adobe has released the second update for its Flash Player software in a week, this time for six critical vulnerabilities. Four of the issues addressed are problems with memory corruption that could lead to remote code execution; additionally, the update fixes an integer overflow vulnerability that could also lead to remote code execution. Another bug that was fixed is a cross-domain information leak. The problems exist in Flash Player 11....

August 23, 2012 · 2 min · 293 words

PostgreSQL patches XML flaws

h-online: A flaw in the built-in XML functionality of PostgreSQL (CVE-2012-3488) and another in its optional XSLT handling (CVE-2012-3489) have been patched, and the developers have released updated versions of the open source database with relevant fixes. The holes being patched are related to insecure use of the widely used libxml2 and libxslt open source libraries and the PostgreSQL developers advise anyone using those libraries to check their systems for similar problems....

August 19, 2012 · 2 min · 333 words

IE 9.0.9 Available via Windows Update

MSDN: The August 2012 Cumulative Security Update for Internet Explorer is now available via Windows Update. This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers For more information, see the full bulletin....

August 16, 2012 · 1 min · 213 words

Adobe Flash Player 11.3.300.270 for Windows released to address a crash

Adobe wrote: Today, Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe). There are no other fixes or changes provided with this build. This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi’s (available on the distribution page.) No other platforms are affected. Please be aware that this release is not available from the Product Download Center (http://get....

August 3, 2012 · 2 min · 344 words

Chrome 21 arrives with new API for video and audio communication

h-online: With the release of Chrome 21, web applications can now directly access the local system’s built-in camera and microphone. Instead of requiring a special plugin, the major stable update to the WebKit-based web browser includes a new HTML5 <a href="http://www.html5rocks.com/en/tutorials/getusermedia/intro/">getUserMedia</a> API – currently a W3C Editor’s Draft – to provide web apps with access to the camera and microphone. For security purposes, users will be prompted to grant apps permission to access the hardware....

August 2, 2012 · 2 min · 378 words