Apple OS X 10.8.4 - Safari v6.0.5 released
FYI...
Apple OS X 10.8.4 - Security Update 2013-002
- http://www.securitytracker.com/id/1028625
CVE Reference: CVE-2013-0982, CVE-2013-0983, CVE-2013-0984, CVE-2013-0985, CVE-2013-0975, CVE-2013-0990, CVE-2013-1024
Jun 5 2013
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 10.8.x prior to 10.8.4; 10.6.x, 10.7.x ...
Solution: The vendor has issued a fix (10.8.4; Security Update 2013-002).
Vendor URL: http://support.apple.com/kb/HT5784
- http://prod.lists.apple.com/archives.../msg00000.html
- https://secunia.com/advisories/53684/
Release Date: 2013-06-05
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, Security Bypass, DoS, System access
Where: From remote...
- http://h-online.com/-1883007
5 June 2013
- https://support.apple.com/kb/HT1222
___
Safari v6.0.5 released
- http://www.securitytracker.com/id/1028627
CVE Reference: CVE-2013-0926, CVE-2013-1009, CVE-2013-1012, CVE-2013-1013, CVE-2013-1023
Jun 5 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 6.0.5
Solution: The vendor has issued a fix (6.0.5).
Vendor URL: http://support.apple.com/kb/HT5785
- http://prod.lists.apple.com/archives.../msg00001.html
- https://secunia.com/advisories/53711/
Release Date: 2013-06-05
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote...
___
- https://isc.sans.edu/diary.html?storyid=15929
Last Updated: 2013-06-05 02:43:44 UTC
WordPress v3.5.2 released
FYI...
- https://wordpress.org/download/
June 21, 2013 - "The latest stable release of WordPress (Version 3.5.2) is available..."
- https://wordpress.org/news/
June 21, 2013 - "... This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening... Download WordPress 3.5.2 or update now from the Dashboard..."
- https://wordpress.org/news/2013/06/wordpress-3-5-2/
Release notes
- https://codex.wordpress.org/Version_3.5.2
CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
"WordPress Plugin" search results ...
- https://secunia.com/advisories/searc...rdPress+Plugin
Found -606- Secunia Security Advisories ...
June 21, 2013
___
- http://www.securitytracker.com/id/1028700
CVE Reference: CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
Jun 25 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 3.5.2 ...
- http://h-online.com/-1895188
24 June 2013
Thunderbird v17.0.7 released
FYI...
- https://www.mozilla.org/en-US/thunde...7/releasenotes
June 25, 2013
- https://www.mozilla.org/security/kno...nderbird17.0.7
Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
___
- https://secunia.com/advisories/53953/
Release Date: 2013-06-26
Criticality level: Highly Critical
Impact: Security Bypass, Exposure of sensitive information, System access
... vulnerabilities are reported in versions prior to 17.0.7.
Solution: Update to version 17.0.7.
- http://www.securitytracker.com/id/1028704
CVE Reference: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
Jun 26 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 17.0.7 ...
AdblockPlus 2.3.1 released
FYI...
- https://adblockplus.org/releases/adb...opera-released
2013-07-24
Changes:
- Improved filter list downloads.
- Implemented filter forward-compatibility proposal.
- Implemented an emergency notification mechanism that can be used to communicate important issues.
Thunderbird v17.0.8 released
FYI...
- https://www.mozilla.org/en-US/thunde...8/releasenotes
August 6, 2013
Security Advisories
- https://www.mozilla.org/security/kno...nderbird17.0.8
Fixed in Thunderbird 17.0.8
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
___
- http://www.securitytracker.com/id/1028887
CVE Reference: CVE-2013-1701, CVE-2013-1702, CVE-2013-1706, CVE-2013-1707, CVE-2013-1709, CVE-2013-1710, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
Aug 6 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 17.0.8 ...
- https://secunia.com/advisories/54413/
Release Date: 2013-08-07
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access
... vulnerabilities are reported in the following products:
* Mozilla Thunderbird and Thunderbird ESR versions prior to 17.0.8...
WordPress v3.6.1 released
FYI...
- https://wordpress.org/download/
Sep 11, 2013 - "The latest stable release of WordPress (Version 3.6.1) is available..."
- http://www.securitytracker.com/id/1029025
Sep 11 2013
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 3.6.1 ...
Solution: The vendor has issued a fix (3.6.1).
The vendor's advisory is available at:
- http://codex.wordpress.org/Version_3.6.1
"... Summary: From the announcement post*, this maintenance release addresses 13 bugs with version 3.6... Additionally: Version 3.6.1 fixes three security issues..."
* http://wordpress.org/news/2013/09/wordpress-3-6-1/
- https://secunia.com/advisories/54803/
Release Date: 2013-09-13
Criticality: Moderately Critical
Where: From remote
Impact: Security Bypass, Spoofing, System access
CVE Reference(s):
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4338 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4339 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4340 - 3.5
... weakness, security issue, and vulnerability are reported in versions prior to 3.6.1.
Solution: Update to version 3.6.1...