Thunderbird v17.0 released
FYI...
Thunderbird v17.0 released
- https://www.mozilla.org/en-US/thunde...0/releasenotes
Nov 20, 2012
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/thunderbird/all.html
Security Advisories
- https://www.mozilla.org/security/kno...#thunderbird17
___
- http://www.securitytracker.com/id/1027793
CVE Reference: CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5838, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842, CVE-2012-5843
Nov 21 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Solution: The vendor has issued a fix (17.0)...
- https://secunia.com/advisories/51358/
Release Date: 2012-11-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote...
Solution: Upgrade to version 17.0.
:fear::fear:
WordPress Plugins - 464 Secunia Security Advisories ...
FYI...
"WordPress Plugin" search results ...
- https://secunia.com/advisories/searc...rdPress+Plugin
Found: 464 Secunia Security Advisories ...
Nov 27, 2012
>> http://piwik.org/blog/2012/11/securi...2012-nov-26th/
Updated: Nov 27, 2012 - "... The website Piwik.org is running WordPress and got compromised, because of a security issue in a WordPress plugin... compromised by an attacker on 2012 Nov 26th, this attacker added a malicious code in the Piwik 1.9.2 Zip file... You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC. If you are not using 1.9.2, or if you have updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th, you should be safe..."
___
- http://h-online.com/-1757246
27 Nov 2012
:fear: :sad:
Java 0-Day exploit on sale for ‘Five Digits’
FYI...
Java 0-Day exploit on sale for ‘Five Digits’
- https://krebsonsecurity.com/2012/11/...r-five-digits/
Nov 27, 2012 - "Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program... The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java JRE 7 Update 9, the most recent version of Java (the seller says this flaw does not exist in Java 6 or earlier versions)... The seller was not terribly specific on the price he is asking for this exploit, but set the expected offer at “five digits.” The price of any exploit is ultimately whatever the market will bear, but this is roughly in line with the last Java zero-day exploit that was being traded and sold on the underground...
How to Unplug Java from the Browser:
> http://krebsonsecurity.com/how-to-un...m-the-browser/
:fear: :mad:
0-day vulns in MySQL fixed by MariaDB
FYI...
0-day vulns in MySQL fixed by MariaDB
- http://h-online.com/-1761451
3 Dec 2012 - "A recently published security vulnerability in the MySQL open source database has been met with fixes by the developers of the open source MariaDB* fork... they also note that a supposed zero day vulnerability that enumerates MySQL users has been known about for ten years. MariaDB versions 5.1, 5.2, 5.3 and 5.5, in which CVE-2012-5579 is fixed, are available for download*. MySQL provider Oracle has yet to confirm the vulnerabilities, much less provide updated software."
* http://downloads.mariadb.org/
___
- https://secunia.com/advisories/51427/
Release Date: 2012-12-03
... may be related to vulnerability #1: https://secunia.com/SA51008/
CVE Reference(s): CVE-2012-5611, CVE-2012-5612, CVE-2012-5614, CVE-2012-5615
Impact: Brute force, DoS, System access
Where: From local network
Software: MySQL 5.x
Solution: No official solution is currently available...
___
- http://blog.trendmicro.com/trendlabs...-mysql-server/
Dec 6, 2012 - "... MySQL Database is famous for its high performance, high reliability and ease of use. It runs on both Windows and many non-Windows platforms like UNIX, Mac OS, Solaris, IBM AIX, etc. It has been the fastest growing application and the choice of big companies such as Facebook, Google, and Adobe among others. Given its popularity, cybercriminals and other attackers are definitely eyeing this platform..."
:fear::fear:
cPanel - updates available
FYI...
cPanel - updates available
- https://secunia.com/advisories/51494/
Release Date: 2012-12-05
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
Software: cPanel 11.x
... vulnerabilities are reported in versions prior to 11.30.7.4, 11.32.5.15, and 11.34.0.11.
Solution: Update to version 11.30.7.4, 11.32.5.15, or 11.34.0.11.
Original Advisory:
http://cpanel.net/important-security...nel-whm-11-30/
http://cpanel.net/important-11-32-se...te-cpanel-whm/
http://cpanel.net/important-11-34-se...se-cpanel-whm/
:fear::fear:
Shockwave - vulnerable Flash runtime
FYI...
Shockwave player - vulnerable Flash runtime
* http://www.kb.cert.org/vuls/id/323161
Last revised: 17 Dec 2012 - "Adobe Shockwave Player 11.6.8.638 and earlier versions on the Windows and Macintosh operating systems provide a vulnerable version of the Flash runtime..."
- http://h-online.com/-1772754
19 Dec 2012 - "US-CERT has warned that a security hole exists in Adobe's Shockwave Player*. Version 11.6.8.638 and earlier versions that were installed using the company's "Full" installer are affected. These all include an older version of Flash (10.2.159.1) that contains several exploitable vulnerabilities. Shockwave uses a custom Flash runtime instead of a globally installed Flash plugin. According to US-CERT, the Flash vulnerabilities can be exploited to execute arbitrary code at the user's privilege level via specially crafted Shockwave content. As the Shockwave Player tends to be used only rarely, simply uninstalling the software can provide protection. Adobe is even offering an uninstaller** for this purpose..."
** https://www.adobe.com/shockwave/download/alternates/
(See "Shockwave Player Uninstaller".)
- https://krebsonsecurity.com/2012/12/...shockwave-bug/
Dec 19, 2012 - "... U.S. CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won’t be fixing it until February 2013..."
- http://www.securitytracker.com/id/1027903
- http://www.securitytracker.com/id/1027904
- http://www.securitytracker.com/id/1027905
Dec 20 2012
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-6270 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-6271 - 9.3 (HIGH)
:fear::fear: :blink:
Sumatra PDF reader v2.2.1 released
FYI...
Sumatra PDF reader v2.2.1 released
- http://blog.kowalczyk.info/software/...apdf/news.html
2013-01-12
Version history - Changes in this release:
• fixed ebooks sometimes not remembering the viewing position
• fixed Sumatra not exiting when opening files from a network drive
• fixes for most frequent crashes and PDF parsing robustness fixes
Download
- http://blog.kowalczyk.info/software/...df-viewer.html
:fear:
WordPress v3.5.1 released
FYI...
WordPress v3.5.1 released
- https://wordpress.org/download/
"The latest stable release of WordPress (Version 3.5.1) is available..."
- https://wordpress.org/news/2013/01/wordpress-3-5-1/
Jan 24, 2013 - "... first maintenance release of 3.5, fixing 37 bugs... a security release for all previous WordPress versions..."
- https://secunia.com/advisories/51967/
Release Date: 2013-01-25
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of sensitive information
Where: From remote
... vulnerabilities are reported in versions prior to 3.5.1.
Solution: Update to version 3.5.1.
- http://www.securitytracker.com/id/1028045
Jan 25 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Host/resource access via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 3.5.1 ...
"WordPress Plugin" search results ...
- https://secunia.com/advisories/searc...rdPress+Plugin
Found -530- Secunia Security Advisories ...
March 14, 2013
___
- http://h-online.com/-1791820
25 Jan 2013
- http://www.h-online.com/imgs/43/9/7/...c597dc045.jpeg
:fear::fear:
AdblockPlus v2.2.3 released
FYI...
Changelog for Adblock Plus 2.2.3
- https://adblockplus.org/releases/adb...refox-released
Feb 13, 2013 - The following lists the changes compared to Adblock Plus 2.2.3. If you experience issues with this release please check the list of known issues.
• Worked around AVG Security Toolbar 14.0.3.* breaking Adblock Plus among other things.
• Made sure that first-run page always opens in the current browser window (bug 819561)...
___
AdblockPlus v2.2.2 released
- https://adblockplus.org/en/changelog-2.2.2
2013-01-30
- http://news.slashdot.org/story/13/01...orn-cisco-says
Feb 01, 2013 - "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report*. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they'd gone to a counterfeit software site..."
* http://www.cisco.com/en/US/prod/vpnd...ty_report.html
AdBlockPlus for Firefox: https://addons.mozilla.org/en-US/fir.../adblock-plus/
> https://adblockplus.org/en/getting_started#install
:fear:
Expect a v2 of iOS 6.1 ...
FYI...
Expect a v2 of iOS 6.1 ...
iOS 6.1 Leads to Battery Life Drain, Overheating for iPhone Users
- http://thenextweb.com/apple/2013/02/...ng-to-ios-6-1/
8 Feb 2013
- http://arstechnica.com/apple/2013/02...ntacts-photos/
Feb 14, 2013 - "An -old- vulnerability in the iPhone's lock screen and Emergency Call feature appears to have resurfaced for a third time in iOS 6.1. With the right sequence of button clicking, it's possible to get to an iPhone user's voicemails, contacts, and photos—even if the iPhone is locked and password protected..."
- https://secunia.com/advisories/52173/
Access restriction in iOS 6 partially useless
- http://h-online.com/-1805842
19 Feb 2013
Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010 when a user syncs a mailbox by using an iOS 6.1-based device
- http://support.microsoft.com/kb/2814847
Last Review: February 12, 2013 - Revision: 5.0
Status: Apple and Microsoft are investigating this issue. We will post more information in this article when the information becomes available...
Workaround: To work around this issue, do not process Calendar items such as meeting requests on iOS 6.1 devices. Also, immediately restart the iOS 6.1 device...
:fear::fear:
iOS 6.1.2 Software Update
FYI...
iOS 6.1.2 Software Update
- https://support.apple.com/kb/DL1639
Feb 19, 2013 - "Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life...
System Requirements: iPhone 3GS and later, iPad 2 and later, iPod touch 4th generation and later, iPhone 5 ..."
- http://support.microsoft.com/kb/2814847
Last Review: February 19, 2013 Revision: 15.0 - "... Resolution: Apple has posted the following article to address the issue:
- https://support.apple.com/kb/TS4532
Feb 19, 2013 - ... Resolution: To resolve this issue, update to iOS 6.1.2..."
___
iTunes 11.0.2 released
- https://support.apple.com/kb/DL1614
Feb 19, 2013
APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update 13
- http://prod.lists.apple.com/archives.../msg00002.html
2013-02-19
- http://support.apple.com/kb/HT5666
:fear::fear:
Thunderbird 17.0.3 released
FYI...
Thunderbird 17.0.3 released
- https://www.mozilla.org/en-US/thunde...3/releasenotes
Feb 19, 2013
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/thunderbird/all.html
Security Advisories
- https://www.mozilla.org/security/kno...nderbird17.0.3
- http://www.securitytracker.com/id/1028165
CVE Reference: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
Feb 20 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.3
:fear:
iOS/iTunes/Kindle app update...
FYI...
Amazon fixes its book deleting iTunes Kindle app update
- http://www.theinquirer.net/inquirer/...dle-app-update
Feb 28 2013 - "... Amazon has revisited the webpage and the update. Version 3.6.2* of the Kindle app for iOS includes both a fix for the registration issue and "Various Bug Fixes and Security Fixes"..."
* https://itunes.apple.com/us/app/kind...302584613?mt=8
Updated: Feb 27, 2013
Version: 3.6.2
Size: 21.4 MB
What's New in Version 3.6.2
• Fix for Registration Issue
• Various Bug Fixes and Security Fixes...
:fear::sad:
Flash content in Safari...
FYI...
Apple blocks older insecure versions of Flash...
- https://isc.sans.edu/diary.html?storyid=15316
Last Updated: 2013-03-02 18:23:36 - "Apple has recently stepped up its response to security issues involving 3rd party plug-ins. They have aggressively used its anti-malware tool sets to enforce minimum versions of Adobe Flash*, Oracle Java, and similar popular plug-ins..."
* https://support.apple.com/kb/ht5655
Mar 1, 2013 - "... When attempting to view Flash content in Safari, you may see this alert: "Blocked Plug-in"
Selecting it will display this alert:
'Adobe Flash Player' is out of date.
- Click 'Download Flash…' to have Safari open the Adobe Flash Player installer website.
- Download the latest Adobe Flash Player installer--click the "Download now" button.
- Open the downloaded disk image.
- Open the installer and follow the onscreen instructions...'"
- https://support.apple.com/kb/HT5660
Mar 1, 2013
:fear::fear:
Apple Mac OS X update for Java
FYI...
APPLE-SA-2013-03-04-1: Apple Mac OS X update for Java
- https://secunia.com/advisories/52484/
Release Date: 2013-03-05
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0809, CVE-2013-1493
For more information: https://secunia.com/SA52451/
Original Advisory: APPLE-SA-2013-03-04-1:
- http://support.apple.com/kb/HT5677
- http://prod.lists.apple.com/archives...Mar/index.html
- http://prod.lists.apple.com/archives.../msg00000.html
:fear::fear:
Safari v6.0.3 / Security Update 2013-001
FYI...
Safari v6.0.3 released
- https://support.apple.com/kb/HT5671
14 Mar 2013
> http://prod.lists.apple.com/archives.../msg00003.html
- https://secunia.com/advisories/52658/
Release Date: 2013-03-15
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote ...
Solution: Update to version 6.0.3.
- http://www.securitytracker.com/id/1028292
CVE Reference: CVE-2013-0960, CVE-2013-0961
Mar 14 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 6.0.3...
___
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
- https://support.apple.com/kb/HT5672
14 Mar 2013
> http://prod.lists.apple.com/archives.../msg00002.html
- http://prod.lists.apple.com/archives...Mar/index.html
- https://secunia.com/advisories/52643/
Release Date: 2013-03-15
Criticality level: Highly critical
Impact: Spoofing, Security Bypass, Exposure of system information, Exposure of sensitive information, Cross Site Scripting, System access
Where: From remote ...
Solution: Update to OS X Mountain Lion 10.8.3 or apply Security Update 2013-001.
- http://atlas.arbor.net/briefs/index#-1321171050
High Severity
March 15, 2013
Apple releases security patches for a variety of issues in OSX.
Analysis: Considering a typical attack on an end-user system, there are several issues that require attention to include: 1) A method for an attacker to launch a Java application even though Java may be disabled 2) Quicktime security vulnerabilities in the handling of MP4 files and 3) security issues in the way PDFKit handles certain malformed PDF documents. In addition to these issues there are multiple other issues that affect specific scenarios on a server install or issues that would open up the system to a local attack...
- http://www.securitytracker.com/id/1028294
CVE Reference: CVE-2013-0963, CVE-2013-0967, CVE-2013-0969, CVE-2013-0970, CVE-2013-0971, CVE-2013-0973, CVE-2013-0976
Updated: Mar 15 2013
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.6.x, 10.7.x, 10.8.x...
About the OS X Mountain Lion v10.8.3 Update
- https://support.apple.com/kb/HT5612
Mar 14, 2013
OS X Mountain Lion Update v10.8.3 (Combo)
- https://support.apple.com/kb/DL1640
Mar 14, 2013
Security Update 2013-001 (Snow Leopard)
- https://support.apple.com/kb/DL1642
Mar 14, 2013
Security Update 2013-001 (Lion)
- https://support.apple.com/kb/DL1643
Mar 14, 2013
:fear::fear:
Thunderbird v17.0.5 released
FYI...
Thunderbird v17.0.5 released
- https://www.mozilla.org/en-US/thunde...5/releasenotes
April 2, 2013
FIXED - Security fixes* ...
FIXED - Adjusting font size when composing emails should be easier (Bug 824926)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
Fixed in Thunderbird 17.0.5
* https://www.mozilla.org/security/kno...nderbird17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
- http://www.securitytracker.com/id/1028382
CVE Reference: CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0791, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0797, CVE-2013-0799, CVE-2013-0800
Apr 3 2013
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.5
:fear::fear:
Adblock Plus v2.2.4 released
FYI...
Adblock Plus v2.2.4 released
- https://adblockplus.org/en/changelog-2.2.4
2013-05-08
• Fixed: Server names with a trailing dot were mistakenly treated as typos.
• Fixed a Firefox 22 compatibility issue (no colors/images in filters list and list of blockable items).
The Future of Facebook Ads (and how Adblock Plus will deal with them)
- https://adblockplus.org/blog/the-fut...deal-with-them
2013-05-07
:fear:
Thunderbird v17.0.6 released
FYI...
Thunderbird v17.0.6 released
- https://www.mozilla.org/en-US/thunde...6/releasenotes
May 14, 2013
- https://www.mozilla.org/security/kno...nderbird17.0.6
Fixed in Thunderbird 17.0.6
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
- https://secunia.com/advisories/53443/
Release Date: 2013-05-15
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
For more information: https://secunia.com/SA53400/
... vulnerabilities are reported in versions prior to 17.0.6.
Solution: Update to version 17.0.6.
- http://www.securitytracker.com/id/1028559
CVE Reference: CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
May 14 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.6
:fear:
IrfanView FlashPix PlugIn FPX 4.36 released
FYI...
IrfanView FlashPix PlugIn FPX 4.36 released
- https://secunia.com/advisories/53579/
Release Date: 2013-05-30
Criticality level: Highly critical
Impact: System access
Where: From remote...
Software: IrfanView FlashPix PlugIn 4.x
CVE Reference: CVE-2013-3486
... vulnerability is caused due to an integer overflow error within the Fpx.dll module...
- http://www.irfanview.com/plugins.htm
PlugIns updated after the version 4.35:
FPX Plugin (4.36) - Installer or ZIP - Fixed loading of FPX (FlashPix) files (reported by Secunia)
- http://www.irfanview.net/plugins/irf...plugin_fpx.exe
:fear::fear:
Apple OS X 10.8.4 - Safari v6.0.5 released
FYI...
Apple OS X 10.8.4 - Security Update 2013-002
- http://www.securitytracker.com/id/1028625
CVE Reference: CVE-2013-0982, CVE-2013-0983, CVE-2013-0984, CVE-2013-0985, CVE-2013-0975, CVE-2013-0990, CVE-2013-1024
Jun 5 2013
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.8.x prior to 10.8.4; 10.6.x, 10.7.x ...
Solution: The vendor has issued a fix (10.8.4; Security Update 2013-002).
Vendor URL: http://support.apple.com/kb/HT5784
- http://prod.lists.apple.com/archives.../msg00000.html
- https://secunia.com/advisories/53684/
Release Date: 2013-06-05
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, Security Bypass, DoS, System access
Where: From remote...
- http://h-online.com/-1883007
5 June 2013
- https://support.apple.com/kb/HT1222
___
Safari v6.0.5 released
- http://www.securitytracker.com/id/1028627
CVE Reference: CVE-2013-0926, CVE-2013-1009, CVE-2013-1012, CVE-2013-1013, CVE-2013-1023
Jun 5 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 6.0.5
Solution: The vendor has issued a fix (6.0.5).
Vendor URL: http://support.apple.com/kb/HT5785
- http://prod.lists.apple.com/archives.../msg00001.html
- https://secunia.com/advisories/53711/
Release Date: 2013-06-05
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote...
___
- https://isc.sans.edu/diary.html?storyid=15929
Last Updated: 2013-06-05 02:43:44 UTC
:fear::fear:
WordPress v3.5.2 released
FYI...
WordPress v3.5.2 released
- https://wordpress.org/download/
June 21, 2013 - "The latest stable release of WordPress (Version 3.5.2) is available..."
- https://wordpress.org/news/
June 21, 2013 - "... This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening... Download WordPress 3.5.2 or update now from the Dashboard..."
- https://wordpress.org/news/2013/06/wordpress-3-5-2/
Release notes
- https://codex.wordpress.org/Version_3.5.2
CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
"WordPress Plugin" search results ...
- https://secunia.com/advisories/searc...rdPress+Plugin
Found -606- Secunia Security Advisories ...
June 21, 2013
___
- http://www.securitytracker.com/id/1028700
CVE Reference: CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
Jun 25 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 3.5.2 ...
- http://h-online.com/-1895188
24 June 2013
:fear::fear:
Thunderbird v17.0.7 released
FYI...
Thunderbird v17.0.7 released
- https://www.mozilla.org/en-US/thunde...7/releasenotes
June 25, 2013
- https://www.mozilla.org/security/kno...nderbird17.0.7
Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
___
- https://secunia.com/advisories/53953/
Release Date: 2013-06-26
Criticality level: Highly Critical
Impact: Security Bypass, Exposure of sensitive information, System access
... vulnerabilities are reported in versions prior to 17.0.7.
Solution: Update to version 17.0.7.
- http://www.securitytracker.com/id/1028704
CVE Reference: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
Jun 26 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.7 ...
:fear:
AdblockPlus 2.3.1 released
FYI...
AdblockPlus 2.3.1 released
- https://adblockplus.org/releases/adb...opera-released
2013-07-24
Changes:
- Improved filter list downloads.
- Implemented filter forward-compatibility proposal.
- Implemented an emergency notification mechanism that can be used to communicate important issues.
:fear::fear:
Thunderbird v17.0.8 released
FYI...
Thunderbird v17.0.8 released
- https://www.mozilla.org/en-US/thunde...8/releasenotes
August 6, 2013
Security Advisories
- https://www.mozilla.org/security/kno...nderbird17.0.8
Fixed in Thunderbird 17.0.8
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
___
- http://www.securitytracker.com/id/1028887
CVE Reference: CVE-2013-1701, CVE-2013-1702, CVE-2013-1706, CVE-2013-1707, CVE-2013-1709, CVE-2013-1710, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
Aug 6 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.8 ...
- https://secunia.com/advisories/54413/
Release Date: 2013-08-07
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access
... vulnerabilities are reported in the following products:
* Mozilla Thunderbird and Thunderbird ESR versions prior to 17.0.8...
:fear::fear:
WordPress v3.6.1 released
FYI...
WordPress v3.6.1 released
- https://wordpress.org/download/
Sep 11, 2013 - "The latest stable release of WordPress (Version 3.6.1) is available..."
- http://www.securitytracker.com/id/1029025
Sep 11 2013
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 3.6.1 ...
Solution: The vendor has issued a fix (3.6.1).
The vendor's advisory is available at:
- http://codex.wordpress.org/Version_3.6.1
... Summary: From the announcement post*, this maintenance release addresses 13 bugs with version 3.6... Additionally: Version 3.6.1 fixes three security issues..."
* http://wordpress.org/news/2013/09/wordpress-3-6-1/
- https://secunia.com/advisories/54803/
Release Date: 2013-09-13
Criticality: Moderately Critical
Where: From remote
Impact: Security Bypass, Spoofing, System access
CVE Reference(s):
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4338 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4339 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4340 - 3.5
... weakness, security issue, and vulnerability are reported in versions prior to 3.6.1.
Solution: Update to version 3.6.1...
:fear::fear: