Safari v6.0.3 / Security Update 2013-001
FYI...
Safari v6.0.3 released
- https://support.apple.com/kb/HT5671
14 Mar 2013
> http://prod.lists.apple.com/archives.../msg00003.html
- https://secunia.com/advisories/52658/
Release Date: 2013-03-15
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote ...
Solution: Update to version 6.0.3.
- http://www.securitytracker.com/id/1028292
CVE Reference: CVE-2013-0960, CVE-2013-0961
Mar 14 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 6.0.3...
___
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
- https://support.apple.com/kb/HT5672
14 Mar 2013
> http://prod.lists.apple.com/archives.../msg00002.html
- http://prod.lists.apple.com/archives...Mar/index.html
- https://secunia.com/advisories/52643/
Release Date: 2013-03-15
Criticality level: Highly critical
Impact: Spoofing, Security Bypass, Exposure of system information, Exposure of sensitive information, Cross Site Scripting, System access
Where: From remote ...
Solution: Update to OS X Mountain Lion 10.8.3 or apply Security Update 2013-001.
- http://atlas.arbor.net/briefs/index#-1321171050
High Severity
March 15, 2013
Apple releases security patches for a variety of issues in OSX.
Analysis: Considering a typical attack on an end-user system, there are several issues that require attention to include: 1) A method for an attacker to launch a Java application even though Java may be disabled 2) Quicktime security vulnerabilities in the handling of MP4 files and 3) security issues in the way PDFKit handles certain malformed PDF documents. In addition to these issues there are multiple other issues that affect specific scenarios on a server install or issues that would open up the system to a local attack...
- http://www.securitytracker.com/id/1028294
CVE Reference: CVE-2013-0963, CVE-2013-0967, CVE-2013-0969, CVE-2013-0970, CVE-2013-0971, CVE-2013-0973, CVE-2013-0976
Updated: Mar 15 2013
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.6.x, 10.7.x, 10.8.x...
About the OS X Mountain Lion v10.8.3 Update
- https://support.apple.com/kb/HT5612
Mar 14, 2013
OS X Mountain Lion Update v10.8.3 (Combo)
- https://support.apple.com/kb/DL1640
Mar 14, 2013
Security Update 2013-001 (Snow Leopard)
- https://support.apple.com/kb/DL1642
Mar 14, 2013
Security Update 2013-001 (Lion)
- https://support.apple.com/kb/DL1643
Mar 14, 2013
Thunderbird v17.0.5 released
FYI...
- https://www.mozilla.org/en-US/thunde...5/releasenotes
April 2, 2013
FIXED - Security fixes* ...
FIXED - Adjusting font size when composing emails should be easier (Bug 824926)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
Fixed in Thunderbird 17.0.5
* https://www.mozilla.org/security/kno...nderbird17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
- http://www.securitytracker.com/id/1028382
CVE Reference: CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0791, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0797, CVE-2013-0799, CVE-2013-0800
Apr 3 2013
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.5
Adblock Plus v2.2.4 released
FYI...
- https://adblockplus.org/en/changelog-2.2.4
2013-05-08
• Fixed: Server names with a trailing dot were mistakenly treated as typos.
• Fixed a Firefox 22 compatibility issue (no colors/images in filters list and list of blockable items).
The Future of Facebook Ads (and how Adblock Plus will deal with them)
- https://adblockplus.org/blog/the-fut...deal-with-them
2013-05-07
Thunderbird v17.0.6 released
FYI...
- https://www.mozilla.org/en-US/thunde...6/releasenotes
May 14, 2013
- https://www.mozilla.org/security/kno...nderbird17.0.6
Fixed in Thunderbird 17.0.6
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
- https://secunia.com/advisories/53443/
Release Date: 2013-05-15
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
For more information: https://secunia.com/SA53400/
... vulnerabilities are reported in versions prior to 17.0.6.
Solution: Update to version 17.0.6.
- http://www.securitytracker.com/id/1028559
CVE Reference: CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
May 14 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.6
IrfanView FlashPix PlugIn FPX 4.36 released
FYI...
- https://secunia.com/advisories/53579/
Release Date: 2013-05-30
Criticality level: Highly critical
Impact: System access
Where: From remote...
Software: IrfanView FlashPix PlugIn 4.x
CVE Reference: CVE-2013-3486
... vulnerability is caused due to an integer overflow error within the Fpx.dll module...
- http://www.irfanview.com/plugins.htm
PlugIns updated after the version 4.35:
FPX Plugin (4.36) - Installer or ZIP - Fixed loading of FPX (FlashPix) files (reported by Secunia)
- http://www.irfanview.net/plugins/irf...plugin_fpx.exe