More December Security Patches: QuickTime, Firefox, and a huge Patch Tuesday coming

The second week in December is starting with a bunch of patching.  So far this week, we have QuickTime, Firefox, and Thunderbird with security updates, and next Tuesday promises to be another record Patch Tuesday with patches for IE among other things.  (Updated Fri 10 Dec 2010  18:31 MST)

Apple QuickTime Patch Fixes 15 Flaws — Krebs on Security

Apple this week issued an update that plugs at least 15 security holes in its QuickTime media player.  The patch – which brings QuickTime to version 7.6.9 — quashes several critical bugs that could be exploited to install malicious software were a user to load a poisoned media file. Updates are available for both Mac and Windows versions of the program.

More links:

• Apple's bulletin: About the security content of QuickTime 7.6.9
• Apple plugs 15 gaping security holes in QuickTime | ZDNet
• Get it here: QuickTime Download

Mozilla Firefox 3.6.13, Thunderbird 3.1.7

The Mozilla Foundation has released Firefox 3.6.13 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, spoof the location bar, or operate with elevated privileges.

More links:

• Mozilla Firefox 3.6.13 Release Notes
• SANS: Firefox version 3.6.13 SANS also notes that Thunderbird 3.1.7 and 3.0.11 have also been released.

Update Fri 10 Dec 2010 18:31 MST:

• Firefox 3.6.13 issued to fix 13 flaws, 11 "critical" - SC Magazine US
• Firefox plugs drive-by download security holes | ZDNet

MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities | ZDNet

The December batch of patches will cover security holes in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange, according to an advance notice posted Thursday.

Of the 17, Microsoft said two bulletins will be rated “critical,” the company’s highest severity rating.  Of the remainder, 14 will be rated “important.”
More links:

• December 2010 Advance Notification Service is released - The Microsoft Security Response Center (MSRC) - Site Home - TechNet Blogs
• Microsoft to address IE, Stuxnet flaws, 38 others - SC Magazine US

And for a final note, if you use CCleaner, you should update to version 3.01. It has lots of improvements. Get a portable version from the CCleaner - Builds page.

Piriform Blog - CCleaner v3.01

Change log:

• Improved application startup time and INI loading speeds.
• Removed need to reboot for Index.dat cleaning.
• Improved cookie cleaning in Firefox 4.0 Beta 7.
• Improved Chromium based browser detection and cleaning.
• Added support for Adobe Reader 10 and Acronis True Image.
• Improved cleaning for 7-Zip, Adobe Reader 9.0, Microsoft Silverlight Isolated Storage, WinPatrol and Microsoft Management Console.