Tuesday, April 21st, 2009
Firefox 3.0.9 fixes several security issues found in Firefox 3.0.8:
Firefox allows Refresh header to redirect to javascript: URIs
POST data sent to wrong site when saving web page with embedded frame
Malicious search plugins can inject code into arbitrary sites
Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
XSS hazard using third-party stylesheets and XBL bindings
Same-origin violations ...
Thursday, March 26th, 2009
Mozilla Firefox is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempts will result in a denial-of-service condition.
The following proof of concept is available: http://www.securityfocus.com/data/vulnerabilities/exploits/2009-ffox-poc.tar.gz
Tuesday, March 17th, 2009
A researcher has developed a browser extension that stops advertising networks from tracking a person's surfing habits, such as search queries and content they view on the web.
The extension, called Targeted Advertising Cookie Opt-Out (TACO), enables its users to opt out of 27 advertising networks that are employing behavioural advertising ...
Wednesday, March 4th, 2009
Firefox 3.0.7 has been released today and this version fixes several issues found in Firefox 3.0.6.
Fixed several security issues:
-URL spoofing with invisible control characters
-Upgrade PNG library to fix memory safety hazards
-XML data theft via RDFXMLDataSource and cross-domain redirect
-Mozilla Firefox XUL Linked Clones Double Free Vulnerability
-Crashes with evidence of memory corruption (rv:1.9.0.7)
Fixed ...
Thursday, February 12th, 2009
A partial GET request (HTTP 206 status code) for a WAV file results in a denial of service of the application.
The last HTTP packet from Firefox before the DoS is listed below in raw format:
GET /fpaudio/footprints_waves.wav HTTP/1.1
Accept: */*
User-Agent: NSPlayer/11.0.6001.7001 WMFSDK/11.0
UA-CPU: x86
Accept-Encoding: gzip, deflate
Range: bytes=34848-
Unless-Modified-Since: Mon, 09 Jul 2007 12:44:57 GMT
If-Range: "4f0018-440f2-434d403204440"
Host: ...