Posts Tagged ‘Security’

Best practice guidelines to protect your business from Web2.0 security risks

by: Chris Hudson
23 August, 2010

A downloadable white paper has been produced by Kaspersky Lab security expert Ryan Naraine on the security risks posed by trusted social networks such as MySpace and Facebook.

The white paper recommends some basic rules to protect your business when interacting with social media and other trusted web sites.

The Web 2.0 security white paper can be downloaded here.

Apple releases security update for Safari

by: Chris Hudson
12 August, 2009

Apple have released v4.0.3 of their web browser, Safari, largely to address a number of security issues in Vista, Windows XP and Mac OS X.

This Safari 4.0.3 update is available through Apple’s Software Update system, or as a download for Mac OS X 10.4.11, 10.5.7 and 10.5.8, Mac OS X Server 10.4.11, 10.5.7 and 10.5.8, and Windows XP and Vista.

The update addresses six problems, some of them critical, including buffer overflows on XP and Vista that can cause crashes or arbitrary code execution, and a buffer overflow in WebKit that affects both Windows and Mac and could likewise lead to crashes or even malicious code execution.

The update also prevents malicious websites from being promoted into Safari’s Top Sites page, prevents the disclosure of sensitive information and the launching of file URLs, and fixes the handling of look-alike characters in domain names.

This final problem is also known as a homograph spoofing attack: phishers replace a Latin character in a URL with one from, say, the Cyrillic alphabet that looks visually similar to the Latin character but is treated by the browser as an entirely different character. This enables phishers to register domain names that look similar to familiar brand names.
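The look-alike character problem described above can be checked for on the defensive side by flagging hostname labels that mix scripts and by showing the Punycode form that is actually resolved. The following is an added example, not code from Apple or from the original post; the function names, the script subset and the sample hostnames are assumptions made for the illustration.

```javascript
// Added example (not from the original post). The script list is an
// illustrative subset chosen for this demo, not a full confusables table.
const SCRIPTS = {
  Latin: /\p{Script=Latin}/u,
  Cyrillic: /\p{Script=Cyrillic}/u,
  Greek: /\p{Script=Greek}/u,
};

// Return the sorted names of the scripts used by one hostname label.
function scriptsInLabel(label) {
  const found = new Set();
  for (const ch of label) {
    for (const [name, re] of Object.entries(SCRIPTS)) {
      if (re.test(ch)) found.add(name);
    }
  }
  return [...found].sort();
}

// Inspect a hostname in its displayed (Unicode) form.
function inspectHost(host) {
  const labels = host.normalize("NFC").toLowerCase().split(".");
  const mixed = labels
    .map((label) => ({ label, scripts: scriptsInLabel(label) }))
    .filter((entry) => entry.scripts.length > 1);
  // The URL parser converts non-ASCII labels to Punycode ("xn--..."),
  // the ASCII form that is actually looked up in DNS.
  const ascii = new URL("http://" + host).hostname;
  return { host, ascii, suspicious: mixed.length > 0, mixed };
}

// Constructed sample hostnames: the second contains U+0430 (Cyrillic "а").
const SAMPLE_HOSTS = ["example.com", "ex\u0430mple.com"];
for (const host of SAMPLE_HOSTS) {
  const result = inspectHost(host);
  console.log(result.ascii, result.suspicious ? "MIXED-SCRIPT" : "ok");
}
```

A label written entirely in one non-Latin script passes this check, so it complements displaying the Punycode form rather than replacing it.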

Firefox 3.5.1 security update

by: Chris Hudson
17 July, 2009

Mozilla have today released an update to Firefox, their cross-platform browser.

Firefox 3.5 was only released three weeks ago, and Mozilla announced almost immediately that there would be a quick release of the 3.5.1 update as there were a couple of topcrashes that had not been eliminated before 3.5 was released.

However, the discovery earlier this week of a critical vulnerability in Firefox 3.5’s Just-In-Time JavaScript compiler has meant that 3.5.1 has been released even earlier than intended, to fix the vulnerability and restore full JavaScript capability to Firefox users.

(Mozilla had advised disabling the JIT JavaScript compiler as a temporary cure to the vulnerability. We show you how to turn the JIT JavaScript back on here.)

In addition to the security fix, the Firefox 3.5.1 update cures a number of topcrashes or stability issues and supplies a few bugfixes. You can find a list of Firefox 3.5.1 bugfixes here.

You can download the Firefox browser for Mac, Windows or Linux here.

Critical vulnerability discovered in Firefox 3.5

by: Chris Hudson
15 July, 2009

Mozilla has announced a critical vulnerability in the newly released Firefox 3.5.

It is possible that other versions of Firefox also have this vulnerability, which allows others to exploit a user’s computer by executing code on it.

The Firefox 3.5 vulnerability arises through a bug in the Just-in-time (JIT) JavaScript compiler. An error in the handling of JavaScript code causes memory corruption when the browser is faced with certain HTML tags.

To reduce the risk of exploitation it is advised that you disable the JIT for now. Here’s how:

  • Enter about:config in the browser’s location bar.
  • Type jit in the Filter box at the top of the config editor.
  • Double-click the line containing javascript.options.jit.content, setting the value to false.

(Or you could use Safari…)

Anyway, as this will cause performance loss, once a bugfix is released you should switch the JIT back on as follows:

  • Enter about:config in the browser’s location bar.
  • Type jit in the Filter box at the top of the config editor.
  • Double-click the line containing javascript.options.jit.content, setting the value to true.

UPDATE: 09:45hrs 17th July 2009: This critical vulnerability has now been fixed with the release of Firefox 3.5.1