ZDNet Resources
- A look at the recent Firefox 3 vulnerability
- True to form, Billy Rios promised a more in-depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed...
- Blog posts 2008-07-22
- Protocol handlers cause Mozilla Firefox 3 remote command execution vulnerabilities
- The point is moot... if you put your FF session in an AppArmor 'sandbox'--the below comes FREE as in beer in openSUSE /etc/apparmor/profiles/extras. Just go into YaST control center->AppArmor->Manually Add Profile and select both usr.lib.firefox.firefox-bin and *.firefox.sh and you are golden--a five-minute...
- Discussion threads 2008-07-16
- 10 days from report to patch for new Firefox exploit
- Looks like the protocol handler problems just won't die. On July 20th, Jesper Johansson reported that Firefox 2.0.0.5 didn't quite get all the bugs out of passing strings to external programs registered as protocol handlers. 10 days later, Mozilla has released a patch in version 2.0.0.6. The first version of...
- Blog posts 2007-07-31
- IE-to-Firefox flaw debate rages: Ex-Microsoft security strategist weighs in
- While Microsoft has declined to comment on the IE-to-Firefox flaw drama (beyond an "it's not our fault" statement), a former security strategist is coming to the company's defense, arguing that there's no real way for Internet Explorer to validate the code being passed to Firefox. Jesper Johansson (left), a Windows internals...
- Blog posts 2007-07-12
Additional Resources
- MS Patch Tuesday: 8 critical security holes patched
- Microsoft shipped four high-priority security bulletins today with patches for at least eight code execution vulnerabilities affecting millions of Windows computer users. The September Patch Tuesday updates, all rated "critical," correct security flaws in the Windows Media Player, the Windows Media Encoder, Microsoft Office and the Microsoft...
- Blog posts 2008-09-09
- I'm done with GMail
- RE: I'm done with GMail: I was going to go off on 'WTF are you on about?' but I read the 'inbox zero' page first & saw this paragraph, "Gmail's made me see the value of having very few actual folders for storing new and archived mail. It makes...
- Discussion threads 2008-08-23
- Opera patches 7 vulnerabilities but keeps one a secret
- Opera Software has shipped a new version of its flagship Web browser with fixes for at least seven documented security problems but details on one vulnerability -- a cross-site scripting issue reported by Chris Weber-- is being kept under wraps. Opera warned that one of the seven...
- Blog posts 2008-08-20
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Blog posts 2008-07-21
- Protocol handlers cause Mozilla Firefox 3 remote command execution vulnerabilities
- Update 07/16/2008: Apparently I neglected to mention that this has been patched already. Reading over it again and a heads up from a reader pointed out the error to me. As always, great job by Window Snyder and the Mozilla Security Team for getting this patched quickly. ...
- Blog posts 2008-07-16
- Opera patches serious code execution flaw
- URI/Protocol Handler Abuse: I can confirm that Rios has been working on a protocol handler flaw on Opera. I'm not sure if this is what was patched... we've both been so busy lately we haven't been researching together as much as we did in the...
- Discussion threads 2008-07-03
- Multiple Facebook vulnerabilities reported on Full-Disclosure
- Jouko Pynnonen posted a message to the Full-Disclosure mailing list today, citing multiple "script injection" vulnerabilities within Facebook. I'm not sure if this is a surprise to anybody out there, it's certainly not to me, as numerous web applications have major problems with Cross-site Scripting vulnerabilities, but I think this...
- Blog posts 2008-07-02
- 90% of all statistics can be made to say anything... 50% of the time, aka my thoughts on the Verizon report
- ** Update 06/23/2008: I realize I didn't do a very good job of talking about what we're reviewing here. This is in response to the statistics gathered by Verizon related to Forensic Analysis of Data Breaches over a four year span. First off, let me...
- Blog posts 2008-06-22
- Firefox 3.0 downloads surpass 7 million
- Found a FLAW in Firefox 3.0: these protocol-handler security settings are ignored although they're set to 'true' and so you don't receive warnings: network.protocol-handler.warn-external.mailto, network.protocol-handler.warn-external.news, network.protocol-handler.warn-external.nntp, network.protocol-handler.warn-external.snews (about:config) / I've done my part: I even downloaded it twice, once for my laptop and once for my desktop. :) / Three cheers for the Mozilla Team and a...
- Discussion threads 2008-06-18
- Hacking SCADA for terrorism and destruction
- SCADA scares me, and I've seen enough things on the Internet to be desensitized to many things, but attacks against SCADA threaten our national security in a very real and topical way by attacking power grids, water treatment plants, nuclear plants, etc. Hacking networks that SCADA devices reside on and...
- Blog posts 2008-06-12
- Ouch: Mozilla patches 24 total issues in Firefox, SeaMonkey, XULRunner, and Thunderbird
- They got to ya' didn't they? They threaten your family, maybe pulled some funding...? :) / These are old patches: Nate, these vulnerabilities are all fixed with FF 2.0.14, released a month ago (April 16). _ryan / Just realized... Apparently the full disclosure post was for an...
- Discussion threads 2008-05-20
- More bad news for McAfee, HackerSafe certification
- Dan Godin posted a great article that was picked up by The Register a couple days ago about continued challenges for McAfee's newly purchased HackerSafe division. I find the article interesting as HackerSafe uses a scanning tool that probes for web application security flaws... of course, tools are limited in...
- Blog posts 2008-05-01
- Defeating the Same Origin Policy part 2
- In my first post in this series, I discussed the Same Origin Policy and how it protects us from some very serious attacks, the dangers of domain name based trust, and how to attack implementations of the Same Origin Policy within the Java Virtual Machine (JVM). In order to demonstrate...
- Blog posts 2008-03-24
- Defeating the Same Origin Policy part 1
- The Same Origin Policy is one of the guiding principles that seek to protect our browsing experience. The Same Origin Policy was originally released with Netscape Navigator 2.0 and has been incorporated in one form or another in every major browser since. The concept has additionally been extended...
- Blog posts 2008-03-14
- Apple delivers hefty patch haul; Addresses Leopard flaws and Safari
- Apple on Monday delivered another 41 patches to address multiple vulnerabilities in Mac OS X and Mac OS X Server including more than a few for Leopard. The security update, which matches last month's patch crop from Apple, features a few common threads. Among them: ...
- Blog posts 2007-12-17
- Apple slaps more bandaids on QuickTime
- Apple has shipped a new QuickTime version to plug at least three more security vulnerabilities that put Mac OS X and Windows users at risk of code execution attacks. The QuickTime 7.3.1 update addresses the QuickTime RTSP (Real Time Streaming Protocol) Content-Type header flaw that was first...
- Blog posts 2007-12-13