| Jul 17, 2008 |
Mozilla Releases Firefox 3.0.1 Mozilla has released Firefox 3.0.1 to address three vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey. Two of these vulnerabilities were previously fixed in Firefox 2.0.0.16 as well; please see the US-CERT Current Activity entry Mozilla Releases Firefox 2.0.0.16 for additional information. US-CERT encourages users to review the following Mozilla Foundation Security Advisories and upgrade to Firefox 3.0.1 or implement the workarounds provided in the documents to help mitigate the risks:
|
| Jul 16, 2008 |
WordPress Releases Version 2.6 WordPress has released version 2.6 to address approximately 194 bugs, some of which may be security related. US-CERT encourages users to review the WordPress Blog entry related to the release of version 2.6 and upgrade to WordPress version 2.6 to help mitigate any risks. |
| Jul 16, 2008 |
Mozilla Releases Firefox 2.0.0.16 Mozilla has released Firefox 2.0.0.16 to address two vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey. US-CERT encourages users to review the following Mozilla Foundation Security Advisories and upgrade to a fixed version or implement the workarounds listed in the documents to help mitigate the risks. MFSA 2008-34 : Remote code execution by overflowing CSS reference counter MFSA 2008-35 : Command-line URLs launch multiple tabs when Firefox not running |
| Jul 16, 2008 |
BlackBerry Security Advisory Research In Motion has released a Security Advisory to address a vulnerability in the BlackBerry Enterprise Server. This vulnerability is due to the improper processing of PDF files within the distiller component of the BlackBerry Attachment Service. By convincing a user to open a maliciously crafted PDF attachment on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the system running the BlackBerry Attachment Service. US-CERT encourages users to review BlackBerry Security Advisory KB15766 and apply the workarounds to help mitigate the risk. US-CERT will provide additional information as it becomes available. |
| Jul 15, 2008 |
Oracle Releases Critical Patch Update for July 2008 Oracle has released their Critical Patch Update for July 2008 to address 45 vulnerabilities across several products. This update contains the following security fixes:
|
| Jul 14, 2008 |
Zone Alarm Releases Security Advisory Zone Alarm has released a Security Advisory indicating that version 7.0.483.0 has been released to address an issue in the way Microsoft Security Bulletin MS08-037 affects Zone Alarm. US-CERT encourages users to review the Security Advisory and apply the Recommended Actions listed in the document. |
| Jul 11, 2008 |
Oracle Critical Patch Update Pre-Release Announcement for July Oracle has issued a Critical Patch Update Pre-Release Announcement indicating that its July release cycle will contain 45 security fixes for multiple products including Oracle Database, TimesTen In-Memory Database, Application Server, E-Business Suite, Enterprise, PeopleSoft Enterprise and BEA. Release of these updates is scheduled for Tuesday, July 15. US-CERT will provide additional information as it becomes available. |
| Jul 11, 2008 |
Apple Releases Security Updates for iPhone and iPod touch Apple has released iPhone v2.0 and iPod touch v2.0 to address multiple vulnerabilities. These vulnerabilities affect CFNetwork, Kernel, Safari, and WebKit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, spoof websites, conduct cross-site scripting attacks or cause a denial-of-service condition. US-CERT encourages users to review Apple Article HT2351 and apply any necessary updates. |
| Jul 10, 2008 |
Sun Releases Updates for Java SE Sun has released updates for Java SE. These updates address multiple vulnerabilities in Java Runtime Environment (JRE), Java Web Start, Java Management Extensions (JMX), JDK, and Java Runtime Environment Virtual Machine. These vulnerabilities may allow a remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information or cause a denial-of-service condition. US-CERT encourages users to review the following Sun Alerts and apply any necessary updates:
|
| Jul 09, 2008 |
Microsoft Releases Security Advisory for Word Vulnerability Microsoft has released a Security Advisory to address a vulnerability in Microsoft Word. The advisory indicates that this vulnerability affects Microsoft Office Word 2002 Service Pack 3. By convincing a user to open a specially crafted Word file, a remote attacker may be able to execute arbitrary code, access the affected system with escalated privileges, or cause a denial-of-service condition. Additionally, the advisory indicates that Microsoft is aware of limited, targeted attacks attempting to exploit this vulnerability. US-CERT encourages users to review Microsoft Security Advisory 953635 and apply any necessary workarounds to help mitigate the risks. US-CERT will provide additional information as it becomes available. |