Thunderbird v24.0 released
FYI...
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Sep 17, 2013
Security Advisories
- https://www.mozilla.org/security/kno...hunderbird24.0
Fixed in Thunderbird 24.0
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
___
- http://www.securitytracker.com/id/1029044
CVE Reference: CVE-2013-1718, CVE-2013-1719, CVE-2013-1720, CVE-2013-1722, CVE-2013-1723, CVE-2013-1724, CVE-2013-1726, CVE-2013-1728, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738
Sep 17 2013
Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 24.0; prior to ESR 17.0.9...
iOS 7, iTunes 11.1 released
FYI...
iOS7 released
- http://support.apple.com/kb/HT5934
Sep 18, 2013
- http://lists.apple.com/archives/secu.../msg00006.html
- https://secunia.com/advisories/54886/
Release Date: 2013-09-19
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Brute force, Exposure of sensitive information, DoS, System access
Operating System: Apple iOS 4.x for iPhone 3GS and later, Apple iOS 4.x for iPhone 4 (CDMA), Apple iOS 5.x for iPhone 3GS and later, Apple iOS 6.x for iPhone 3GS and later, Apple iOS for iPad 4.x, Apple iOS for iPad 5.x, Apple iOS for iPad 6.x, Apple iOS for iPod touch 6.x ...
Solution: Upgrade to version 7...
Original Advisory: APPLE-SA-2013-09-18-2:
http://support.apple.com/kb/HT5934
- http://www.securitytracker.com/id/1029054
CVE Reference: CVE-2011-2391, CVE-2013-0957, CVE-2013-1036, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-3950, CVE-2013-3953, CVE-2013-3954, CVE-2013-3955, CVE-2013-4616, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2013-5129, CVE-2013-5131, CVE-2013-5134, CVE-2013-5137, CVE-2013-5138, CVE-2013-5139, CVE-2013-5140, CVE-2013-5141, CVE-2013-5142, CVE-2013-5145, CVE-2013-5149, CVE-2013-5150, CVE-2013-5151, CVE-2013-5152, CVE-2013-5153, CVE-2013-5154, CVE-2013-5155, CVE-2013-5156, CVE-2013-5157, CVE-2013-5158, CVE-2013-5159
Sep 18 2013
Impact: Denial of service via local system, Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 7 ...
- http://www.securitytracker.com/id/1029072
Sep 20 2013
Impact: User access via local system
Vendor Confirmed: Yes Exploit Included: Yes
Version(s): 7
... A local user can invoke the Apple Control Center and bypass the passcode lock screen to access photos and related photo sharing applications.... No solution was available at the time of this entry.
The vendor is working on a fix...
___
- http://www.theinquirer.net/inquirer/...te-apple-users
Sep 19 2013 - "... Apple released its iOS 7 mobile operating system update on Wednesday, although download problems have meant that thousands still haven't been able to upgrade to the latest software. As seems typical with iOS updates, the release of iOS 7 didn't go smoothly. Thousands of keen iPhone and iPad users tried to download the iOS 7 update as soon as it went live... some users inundated with error messages after trying to install the software, while others were unable to download it at all... download failures likely having occurred because the firm's network and servers infrastructure couldn't handle the huge surge in traffic..."
___
iTunes 11.1 released
- http://support.apple.com/kb/HT5936
Sep 18, 2013
- http://lists.apple.com/archives/secu.../msg00005.html
- https://secunia.com/advisories/54893/
Release Date: 2013-09-19
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1035 - 9.3 (HIGH)
... vulnerability is reported in versions prior to 11.1.
Solution: Update to version 11.1.
Original Advisory: APPLE-SA-2013-09-18-1:
http://support.apple.com/kb/HT5936
- http://www.securitytracker.com/id/1029053
CVE Reference: CVE-2013-1035
Sep 18 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 11.1 ...
OpenOffice 4.0.1 released ...
FYI...
- https://cwiki.apache.org/confluence/...+Release+Notes
Sep 29, 2013 - "Apache OpenOffice 4.0.1 is a maintenance release which fixes critical issues and improves the overall quality of the application. All users of Apache OpenOffice 4.0 or earlier are advised to upgrade. You can download Apache OpenOffice 4.0.1 here*.
General areas of improvement include: additional native language translations, bug fixes, performance improvements and Windows 8 compatibility enhancements...
* http://www.openoffice.org/download/
Performance Improvements/Enhancements compared to OpenOffice 4.0.0:
The performance for saving XLS files was boosted by more than 230%.
Improvements/Enhancements missing in the OpenOffice 4.0.0 release notes:
OpenOffice 4.0 integrated the very popular extensions "Presenter Screen" and "Presentation Minimizer" into the core product.
Bug Fixes ..."
Adblock Plus 2.4 update...
FYI...
Adblock Plus updates...
- https://adblockplus.org/releases/adb...opera-released
2013-10-09 - "Adblock Plus 2.4 for Firefox, Adblock Plus 1.6 for Chrome and Opera released...
• Firefox-only changes
Fixed: Adblock Plus icon wasn’t showing up on browser startup for some users.
Fixed: Redirect blocking wasn’t working in current Firefox versions.
Fixed: Issue reporter fails to process some console errors.
Fixed: Adblock Plus fails to start up when updating in current Firefox nightly builds (workaround for bug 924340).
• Chrome/Opera-only changes
The number of ads blocked on a page and in total now shows up when the icon is clicked..."
- https://addons.mozilla.org/en-US/fir.../adblock-plus/
Apple Java update... 2013.10.15 ...
FYI...
Apple-SA-2013-10-15-1 Java for OS X 2013-005 and Mac OS X v10.6 Update 17
- http://lists.apple.com/archives/secu.../msg00001.html
15 Oct 2013
- https://secunia.com/advisories/55328/
Release Date: 2013-10-16
Criticality: Highly Critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
CVE Reference(s): CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854
... update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious users to manipulate certain data and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
For more information: https://secunia.com/SA55315/
Solution: Apply Java for OS X 2013-005 or Mac OS X v10.6 Update 17 (please see the vendor's advisory for details).
Original Advisory: APPLE-SA-2013-10-15-1:
http://lists.apple.com/archives/secu.../msg00001.html
AdblockPlus - Customizable Facebook page
FYI...
Customizable Facebook page
- https://adblockplus.org/blog/customizable-facebook-page
2013-10-21 - "You can now customize Facebook with Adblock Plus. Under default settings, ABP blocks all Facebook ads – sponsored stories, page post ads, standard ads, promoted posts or otherwise. But there are other unneeded, potentially unwanted elements that insert themselves automatically into your news feed and sidebar. Now you can block these too..."
- http://facebook.adblockplus.me/en/
- http://www.infoworld.com/t/web-brows...oyances-229247
Oct 22, 2013 - "... Many end users understand all too well that the vast majority of sites need ad revenue to survive, but are fed up with obnoxious, experience-killing ads that leak privacy data..."
iOS 7.0.3, Safari 6.1, OS X Mavericks v10.9, iTunes 11.1.2 ...
FYI...
iOS 7.0.3 ...
- http://lists.apple.com/archives/secu.../msg00002.html
22 Oct 2013
- https://secunia.com/advisories/55447/
Release Date: 2013-10-23
NOT Critical ...
- http://www.securitytracker.com/id/1029233
CVE Reference: CVE-2013-5144, CVE-2013-5162, CVE-2013-5164
Oct 23 2013
Impact: User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7.0.2; iPhone 4 and later ...
Solution: The vendor has issued a fix (7.0.3).
The vendor's advisory is available at:
http://support.apple.com/kb/HT6010
___
Safari 6.1 ...
- http://lists.apple.com/archives/secu.../msg00003.html
22 Oct 2013
- https://secunia.com/advisories/55448/
Release Date: 2013-10-23
Criticality: Highly Critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information, System access
CVE Reference(s): CVE-2013-1036, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-2848, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2013-5129, CVE-2013-5130, CVE-2013-5131
... vulnerabilities are reported in versions prior to 6.1.
Solution: Update to version 6.1.
Original Advisory: APPLE-SA-2013-10-22-2:
http://support.apple.com/kb/HT6000
___
OS X Mavericks v10.9 ...
- http://lists.apple.com/archives/secu.../msg00004.html
22 Oct 2013
- https://secunia.com/advisories/55446/
Release Date: 2013-10-23
Criticality: Highly Critical
Where: From remote
Impact: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
Operating System: Apple Macintosh OS X
CVE Reference(s): CVE-2011-2391, CVE-2011-3389, CVE-2011-3427, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-0249, CVE-2013-1667, CVE-2013-1944, CVE-2013-3950, CVE-2013-3954, CVE-2013-4073, CVE-2013-5135, CVE-2013-5138, CVE-2013-5139, CVE-2013-5141, CVE-2013-5142, CVE-2013-5145, CVE-2013-5165, CVE-2013-5166, CVE-2013-5167, CVE-2013-5168, CVE-2013-5169, CVE-2013-5170, CVE-2013-5171, CVE-2013-5172, CVE-2013-5173, CVE-2013-5174, CVE-2013-5175, CVE-2013-5176, CVE-2013-5177, CVE-2013-5178, CVE-2013-5179, CVE-2013-5180, CVE-2013-5181, CVE-2013-5182, CVE-2013-5183, CVE-2013-5184, CVE-2013-5185, CVE-2013-5186, CVE-2013-5187, CVE-2013-5188, CVE-2013-5189, CVE-2013-5190, CVE-2013-5191, CVE-2013-5192
Solution: Update to version 10.9 (Mavericks).
Original Advisory: APPLE-SA-2013-10-22-3:
http://support.apple.com/kb/HT6011
http://lists.apple.com/archives/secu.../msg00004.html
___
iTunes 11.1.2
- http://lists.apple.com/archives/secu.../msg00009.html
22 Oct 2013
- https://secunia.com/advisories/55442/
Release Date: 2013-10-23
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Solution Status: Vendor Patch
CVE Reference(s): CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1024, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128
... vulnerabilities are reported in versions prior to 11.1.2.
Solution: Update to version 11.1.2.
Original Advisory: APPLE-SA-2013-10-22-8:
http://support.apple.com/kb/HT6001
WordPress 3.7 released ...
FYI...
WordPress 3.7 released
- https://wordpress.org/download/
Oct 24, 2013 - "The latest stable release of WordPress (Version 3.7) is available..."
- http://wordpress.org/news/2013/10/basie/
- https://codex.wordpress.org/Version_3.7
- https://codex.wordpress.org/Changelog/3.7
- http://core.trac.wordpress.org/query...&milestone=3.7
Results... 438
___
- http://nakedsecurity.sophos.com/2013...ile-you-sleep/
Oct 26, 2013 - "... it will automatically update itself with the latest maintenance and security releases... researchers believe that as many as 73% of the WordPress sites out there are vulnerable to attack purely because they aren't running the latest version... The automatic updater also supports themes and plugins - the software skins and add-ons that allow users to customise their WordPress websites..."
> http://nakedsecurity.sophos.com/2013...ble-to-attack/
Thunderbird v24.1 released
FYI...
Thunderbird 24.1.1
- https://www.mozilla.org/security/kno...nderbird24.1.1
Fixed in Thunderbird 24.1.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
- https://www.mozilla.org/security/ann...a2013-103.html
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Nov 19, 2013
___
Thunderbird v24.1 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Oct 29, 2013
Security Advisories
- https://www.mozilla.org/security/kno...hunderbird24.1
Fixed in Thunderbird 24.1
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar through SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
___
- https://secunia.com/advisories/55489/
Release Date: 2013-10-30
Criticality: Highly Critical
Where: From remote
Impact: Spoofing, System access
... see the vendor's advisories for a list of affected products and versions.
Solution: Update to a fixed version...
- http://www.securitytracker.com/id/1029272
CVE Reference: CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
Oct 30 2013
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 24.1 ...
Solution: The vendor has issued a fix (24.1)...