Multiple vulnerabilities fixed in Firefox, Thunderbird and Seamonkey
Mozilla has issued updated versions of Firefox, Thunderbird and Seamonkey with fixes for multiple vulnerabilities. Descriptions of the vulnerabilities that were addressed with this update can be read at;
Firefox 1.5.0.7 Release notes
Thunderbird 1.5.0.7 Release notes
SeaMonkey 1.0.5 Release notes
Downloads for these updated Mozilla products are at Firefox Thunderbird and SeaMonkey
Firefox 1.5.0.7 Release notes
Thunderbird 1.5.0.7 Release notes
SeaMonkey 1.0.5 Release notes
Downloads for these updated Mozilla products are at Firefox Thunderbird and SeaMonkey
Keywords:
0 comment(s)
Citrix Access Gateway Advanced Access Control remote and local vulnerability reported
FrSIRT is reporting a serious remotely and locally exploitable vulnerability, Citrix Access Gateway Advanced Access Control LDAP Authentication Bypass, "which could be exploited by attackers to gain unauthorized access to a vulnerable application without supplying valid credentials.". At this time FrSIRT's links to Citrix are dead and I can't find any related information at Citrix.
UPDATE We were notified by Jerry that the FrSIRT links were working as of Saturday evening, September 16. Thanks Jerry.
UPDATE We were notified by Jerry that the FrSIRT links were working as of Saturday evening, September 16. Thanks Jerry.
Keywords:
0 comment(s)
Update/Fix for MS06-049
Microsoft has re-released a bulletin, or rather published an update to an existing bulletin, which originally only had a risk of privilege elevation. The latest revision of Knowledge Base article 920958 outlines problems that *may* occur with the installation of MS06-049. According to MS "After you install security update 920958 (MS06-049) on a computer that is using NTFS file system compression, compressed files that are larger than 4 kilobytes may be corrupted when you create or update the files." We here at ISC now have confirmation of the problem with a reader submitting that yes, indeed, it does exist. MS has also published a fix for this in KB 925308 in case "you are severely affected". IMHO you're either affected or you're not and would want to take steps accordingly.
Keywords:
0 comment(s)
Haxdoor Incident Details at Honeyblog.Org
The folks at Honeyblog.Org have an great write up on a malware incident involving Haxdoor, see On the Economics of Botnets - Part 2. "In total, more than 39,000 different IP addresses fell victim of this particular Haxdoor infection.".
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
© 2025 SANS™ Internet Storm Center
Developers: We have an API for you! 
Comments