SANS: Firefox 3.6.11 and 3.5.14 released Thunderbird 3.1.4 and 3.0.9 released
Firefox 3.6.11 and 3.5.14 released, includes security updates (http://www.mozilla.com/firefox/3.6.11/releasenotes/)Mozilla releases Firefox 3.6.11 to address 12 flaws - SC Magazine US
Thunderbird 3.1.4 and 3.0.9 released, includes security patches (http://www.mozillamessaging.com/thunderbird/3.1.5/releasenotes/)
Mozilla on Tuesday released an updated version of its Firefox web browser to shore up a dozen vulnerabilities.Mozilla Releases Firefox 3.6.11: US-CERT Current Activity
Firefox 3.6.11 fixes eight “critical” flaws that could result in a remote attacker installing malicious software on victim machines.
added October 20, 2010 at 08:57 am
The Mozilla Foundation has released Firefox 3.6.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition. The Mozilla Foundation has also released Firefox 3.5.14 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.5 and 3.0.9 and SeaMonkey 2.0.9.
US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories released on October 19, 2010 and apply any necessary updates to help mitigate the risks.
Firefox dirty dozen: Mozilla patches 'critical' browser flaws | ZDNet
Mozilla has released Firefox 3.6.11 with patches for a dozen security holes, some serious enough to launch attacks if a user simply surfs to a booby-trapped website.
In all, the open-source released nine bulletins documenting 12 security vulnerabilities. Five of the bulletins are rated “critical,” meaning that those vulnerabilities can be exploited to run attacker code and install software, requiring no user interaction beyond normal browsing.
RealNetworks Releases Security Update for RealPlayer Vulnerabilities: US-CERT Current Activity
added October 18, 2010 at 08:08 amCritical RealPlayer Update — Krebs on Security
RealNetworks has issued a Security Update to address multiple vulnerabilities affecting RealPlayer. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the RealNetworks security advisory and apply any necessary updates to help mitigate the risks.
Real Networks Inc. has released a new version of RealPlayer that fixes at least seven critical vulnerabilities that could be used to compromise host systems remotely if left unpatched.
I’ve never hidden my distaste for this program, mainly due to its history of unnecessarily tracking users, installing oodles of third party software, and serving obnoxious pop-ups. But I realize that many people keep this software installed because a handful of sites still only offer streaming in the RealPlayer format. If you or someone you look after has this program installed, please update it.
Google Releases Chrome 7.0.517.41: US-CERT Current Activity
added October 20, 2010 at 11:47 amGoogle plugs 'high risk' Chrome browser holes | ZDNet
Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
By Ryan Naraine | October 20, 2010, 1:11pm PDT
Some of these security holes can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user’s system, according to this Secunia advisory. Secunia rates this a “highly critical” update.