Thursday, October 21, 2010

Firefox, Thunderbird, Chrome, and Real Player patches released

Time for another round of patching, boys and girls.  Mozilla has patched both Firefox and Thunderbird, and Chrome has some more updates (although Chrome automatically updates itself silently).  If you have the Real Player installed, it, too, needs patching.

SANS: Firefox 3.6.11 and 3.5.14 released; Thunderbird 3.1.4 and 3.0.9 released
Firefox 3.6.11 and 3.5.14 released, includes security updates (http://www.mozilla.com/firefox/3.6.11/releasenotes/)
Thunderbird 3.1.4 and 3.0.9 released, includes security patches (http://www.mozillamessaging.com/thunderbird/3.1.5/releasenotes/)
Mozilla releases Firefox 3.6.11 to address 12 flaws - SC Magazine US
Mozilla on Tuesday released an updated version of its Firefox web browser to shore up a dozen vulnerabilities.

Firefox 3.6.11 fixes eight “critical” flaws that could result in a remote attacker installing malicious software on victim machines.
Mozilla Releases Firefox 3.6.11: US-CERT Current Activity
added October 20, 2010 at 08:57 am
The Mozilla Foundation has released Firefox 3.6.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition. The Mozilla Foundation has also released Firefox 3.5.14 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.5 and 3.0.9 and SeaMonkey 2.0.9.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories released on October 19, 2010 and apply any necessary updates to help mitigate the risks.

Firefox dirty dozen: Mozilla patches 'critical' browser flaws | ZDNet
Mozilla has released Firefox 3.6.11 with patches for a dozen security holes, some serious enough to launch attacks if a user simply surfs to a booby-trapped website.

In all, the open-source released nine bulletins documenting 12 security vulnerabilities. Five of the bulletins are rated “critical,” meaning that those vulnerabilities can be exploited to run attacker code and install software, requiring no user interaction beyond normal browsing.

RealNetworks Releases Security Update for RealPlayer Vulnerabilities: US-CERT Current Activity
added October 18, 2010 at 08:08 am
RealNetworks has issued a Security Update to address multiple vulnerabilities affecting RealPlayer. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the RealNetworks security advisory and apply any necessary updates to help mitigate the risks.

Critical RealPlayer Update — Krebs on Security

Real Networks Inc. has released a new version of RealPlayer that fixes at least seven critical vulnerabilities that could be used to compromise host systems remotely if left unpatched.

I’ve never hidden my distaste for this program, mainly due to its history of unnecessarily tracking users, installing oodles of third party software, and serving obnoxious pop-ups. But I realize that many people keep this software installed because a handful of sites still only offer streaming in the RealPlayer format. If you or someone you look after has this program installed, please update it.


Google Releases Chrome 7.0.517.41: US-CERT Current Activity
added October 20, 2010 at 11:47 am
Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Google plugs 'high risk' Chrome browser holes | ZDNet

By Ryan Naraine | October 20, 2010, 1:11pm PDT

Google has shipped another Chrome browser update to fix multiple security vulnerabilities.

Some of these security holes can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user’s system, according to this Secunia advisory.  Secunia rates this a “highly critical” update.
