| Apr 17, 2008 |
Mozilla Releases Firefox 2.0.0.14 Mozilla has released Firefox 2.0.0.14 to address a vulnerability in the JavaScript engine. This vulnerability is due to memory corruption errors during JavaScript garbage collection. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Products that use the Mozilla rendering engine, such as Thunderbird and SeaMonkey, may also be affected. US-CERT encourages users to review Mozilla Foundation Security Advisory 2008-20 and apply any necessary updates or workarounds. |
| Apr 17, 2008 |
Apple Releases Safari 3.1.1 Apple has released Safari 3.1.1 to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site scripting attacks, or spoof the contents of the browser address bar. US-CERT encourages users to review Apple's About the security content of Safari 3.1.1 document and upgrade to Safari 3.1.1 to help mitigate the risks. |
| Apr 15, 2008 |
Oracle Releases Critical Patch Update for April 2008 Oracle has released their Critical Patch Update for April 2008 to address 41 vulnerabilities across several products. This update contains the following security fixes:
|
| Apr 15, 2008 |
Federal Subpoena Email Scam US-CERT has seen public reports of a scam circulating via email messages that claim to be federal subpoenas. These messages request that the user follow a link to download additional information about the case. If a user clicks on this link, malicious code may be installed on the system. US-CERT encourages users to do the following to help mitigate the risk:
|
| Apr 14, 2008 |
Oracle Issues Pre-Release Announcement for April Critical Patch Update Oracle has issued a Pre-Release Announcement indicating that its April Critical Patch Update (CPU) will contain 41 new security fixes across hundreds of products. The announcement further states that
We will provide additional information as it becomes available. |
| Apr 14, 2008 |
EMC DiskXtender Vulnerabilities US-CERT is aware of reports of vulnerabilities in EMC DiskXtender. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions on an affected system. US-CERT encourages users to visit EMC's website for additional information regarding these vulnerabilities. |
| Apr 14, 2008 |
ClamAV PE Scanning Vulnerability US-CERT is aware of a report of a buffer overflow vulnerability affecting ClamAV. This heap-based buffer overflow vulnerablity may allow an attacker to execute arbitrary code on an affected system. US-CERT recommends that users do not scan PE files from untrusted sources. |
| Apr 11, 2008 |
Active Exploitation of GDI Vulnerabilities US-CERT has seen public reports of an exploit targeting vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable. Additional information about these vulnerabilities is available in the Vulnerability Notes Database. US-CERT encourages users to review MS08-021 and apply the patch or workarounds to help mitigate the risks. |
| Apr 09, 2008 |
Email Attack Circulating US-CERT has seen reports of an email attack that is circulating. This attack is in the form of an email message with the subject line "Evacuation process has been started due to radiation leaks at San Clemente Nucklear Power Station." The message body states that the information is from a trusted news source and encourages users to follow a link to view a video. This link may direct users to a website hosting malicious code. US-CERT encourages users to do the following to help mitigate the risk:
|
| Apr 09, 2008 |
IBM Lotus Notes Vulnerabilities IBM has released Technote 1298453 to address multiple vulnerabilities in Lotus Notes. These vulnerabilities are due to improper handling of the following file types:
US-CERT encourages users to review IBM Technote 1298453 and apply the appropriate updates or workarounds. |