Category: Security
Chrome 2.0.172.37 Fixes 2 Security Vulnerabilities
The latest Google Chrome 2 release has fixed 2 security vulnerabilities. As H Online reports: “The first vulnerability could be used by an attacker to run arbitrary code within the Google Chrome sandbox.”
Furthermore, a critical memory corruption vulnerability was also fixed; it could have caused the browser to crash and possibly allowed an attacker to run arbitrary code with the privileges of the logged-in user.
For some more details, you can always visit H Online.
Thanks to mabdul for sending this.
Weekly Browsers Recap, July 20th
- Microsoft Changes IE8 Default Browser Settings
- US State Dept. workers beg Clinton for Firefox
- Glass-enabled tab bar (Aero) in Opera
- Opera Unite Struggles to Keep up With Its Ambitions
- 3D animations coming to Safari
- Google Chrome Gestures Extension
- DOM flaw can crash many browsers
- Shorten long URLs with thurly
Thanks to Daniel Hendrycks, mabdul and Nox for links.
Mozilla to Patch Critical Firefox 3.5 Vulnerability
Soon enough we will see the Firefox 3.5.1 release, as Mozilla is working hard to fix the critical security flaw.
Meanwhile, you can temporarily mitigate it by disabling the JIT in the JavaScript engine. To do so:
- Type about:config in the location bar.
- Search for javascript.options.jit.content and double-click it to set it to false.
Internet Explorer 8 – Most Secure Browser, Microsoft Says
An analysis by Microsoft comparing Google Chrome 2.0, Firefox 3.0 and Internet Explorer 8 shows that IE8 wins in 7 out of 10 categories, while 3 are a draw.
So let’s analyze the categories.
WebKit Vulnerabilities Fixed
The latest Chrome version 2.0.172.31 and Safari 4.0 have fixed one of the vulnerabilities that was exploited in WebKit earlier this month.
As H Online describes: A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit’s handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability.
Thanks to mabdul for sending this.
Weekly Browsers Recap, May 18th
- WordPress users may want to avoid Microsoft’s new Internet Explorer 8
- Look out IE, Firefox, Chrome is getting much better
- Windows 7 gives Firefox 3, IE8 speed boosts, while Firefox 3.5 slows down
- Mozilla marks June for Firefox 3.5 release candidate
- Firefox Mobile (Fennec) Alpha Up for Windows Mobile Testing
- Google’s Chrome was ‘hackable’ at Pwn2Own contest
- Chrome-on-Mac precursor rough but workable
- Opera Employee Blogging Policies
- Your browser talks too much: How surfers can protect private info
Mac OS X 10.5.7 Update
The latest Mac OS X 10.5.7 update resolves a few security issues for both the Safari 4 and 3.2.3 web browsers.
To get more details, please visit the following:
About the Safari 4 Public Beta Security Update
About the security content of Safari 3.2.3
Weekly Browsers Recap, May 11th
- Should Microsoft even bother with Internet Explorer 9?
- Why Firefox Is My Preferred Browser
- 10 handy Firefox about:config hacks
- Mozilla ‘Prism’ Brings Web Apps to Desktop
- Safari, Opera Users Lag Behind in Security Updates
- Are Mobile Web Browsers Even Necessary?
- Mach5 Windows Mobile web browser gives Skyfire some competition
Firefox – Browser with the Most Disclosed Vulnerabilities
From .PDF (download)
“This year, Secunia published advisories for the four most widely used web browsers: Internet Explorer (IE), Safari, Opera, and Mozilla Firefox. 31 vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7), including those publicly disclosed prior to vendor patch as well as those included in Microsoft Security Bulletins.”
Phishing with Images Containing Hidden Code
H-Online writes:
“Arbor Networks, which specialises in combating distributed denial of service (DDoS) attacks, reports on its blog that a named web site is actively exploiting Internet Explorer’s MIME-sniffing problem to create phishing attacks. The perpetrators send email containing a supposedly harmless link that seemingly leads to a JPEG image, but the photo contains hidden HTML and JavaScript code that displays a fake eBay login page. While Firefox and Safari return an error message when loading the image, Internet Explorer executes the code.”
Continue reading at H Online
Thanks to mabdul for a link.