Windows Security Bulletins and Security News

Lots and lots of computer security related news recently: the IE and Firefox brouhaha concerning a high security risk with how IE handles a “firefoxurl://” URI (uniform resource identifier), Haute Secure blocks malware, Microsoft security bulletins, and Facebook pimping da crudware baby.

Firefox and IE together brew up security trouble
An article about the Firefox and IE combo flaw that could allow someone to compromise your machine remotely.

Site Advisor 2.0: Haute Secure Launches To Detect and Block Malware
A little review of Haute Secure from Michael Arrington. He says, “Haute Secure launched moments ago: it’s a new browser plug-in that the company says will detect and block malware before it has a chance to infect your computer. The timing couldn’t be better as news spreads of more Windows-based vulnerabilities.”

Haute Secure
They block bad sites and then let you decide whether you want to allow them or not. Sounds like the UAC feature of Windows Vista, but I haven’t tried it yet myself.

Microsoft Security Bulletin MS07-036 – Critical
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)
This critical security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities, as well as other security issues identified. These vulnerabilities could allow remote code execution on your computer if a user opens a specially created Excel file. Users whose accounts are not configured to run as Administrator will be less impacted than those whose accounts are. This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, and 2007 Microsoft Office System, this update is rated important. This update is also rated important for the Excel Viewer 2003 and the Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.

Microsoft Security Bulletin MS07-039 – Critical
Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
This critical security patch resolves a vulnerability in Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition, and remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Facebook found pimping crudware
Facebook has become the latest website to be found pushing services that deliver highly deceptive security warnings designed to trick users into buying software. Purveyors of this scam are making use of Facebook Flyers, small ads that get posted on Facebook pages associated with a specific region. At 5,000 impressions for just $10, it’s a bargain.

Posted by Jimmy Daniels - July 11, 2007 at 3:04 am

Categories: Firefox, IE7, Security

Firefox Released

Firefox version was released today, download available here.

Fixed in Firefox
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv: Source: Fixes

Windows & Windows Vista
Clicking links in some applications (e.g. some instant messaging programs) might not open them in Firefox, even if you have set it as your default browser. To work around this problem, go to Start -> Default Programs -> Set default programs for this computer, expand custom, select the radio button next to the app you want to set as the system wide default app (e.g. Firefox, etc.), and apply.
Using the context menu (right-clicking on the Firefox icon) to start in Safe Mode doesn’t work. As a workaround, use the “Mozilla Firefox (Safe Mode)” menu item that appears in the Start Menu instead.
A Windows Media Player (WMP) plugin is not provided with Windows Vista. As a workaround, in order to view Windows Media content, you can follow these instructions. Note that after installing you may have to get a security update and apply it before you can see the content in the browser.
Vista Parental Controls are not completely honored. In particular, file downloads do not honor Vista’s parental control settings. This will be addressed in an upcoming Firefox release.
When migrating from Internet Explorer 7 to Firefox, cookies and saved form history are not imported. Source: Firefox Release Notes

In total they patched 14 vulnerabilities, but one of the two that were not patched was a serious vulnerability that could allow hackers to inject code remotely just by getting visitors to their malicious webpage, and could lead to a compromise of the system. The memory corruption flaw is detailed here: memory corruption when onUnload is mixed with document.write()s. US-CERT recommends you disable JavaScript until the flaw is patched.

Posted by Jimmy Daniels - February 24, 2007 at 6:20 am

Categories: Firefox, Security

Firefox Security & Stability Update Version

For all of you still running Firefox 1.5, they have released a security and stability update, version, that you should update to. But why not just go ahead and get Firefox 2.0?

As part of Mozilla Corporation’s ongoing stability and security update process, Firefox is now available for Windows, Mac, and Linux for free download from ( We strongly recommend that all Firefox 1.5.x users upgrade to this latest release. This update is available immediately in 37 languages including German, French, Spanish, Japanese, Simplified and Traditional Chinese, Korean, and more.

Note: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2 ( Source: Mozilla Developer Center

Release notes are available here.

Download it from here.

If you don’t want to go ahead and get it, you should receive an automated update notification within 48 hours.

Posted by Jimmy Daniels - November 8, 2006 at 6:58 pm

Categories: Browsers, Firefox, Security

Browser Roundup

The folks over at Read/Write Web just posted an article, Web Browser Face-off, comparing web browsers, including the recent upgrades, IE7 and Firefox 2.0. It’s more of a “roundup” than a face-off; this is not a big review of each browser, just a comparison of their pros and cons. They look at IE7, Firefox 2.0, Safari, Opera, Flock and Maxthon. Anyway, if a good quick comparison of web browsers with no one picked as a winner is what you are looking for, read on.

The last few weeks have been packed with browser action and the two market leaders, Internet Explorer and Firefox, have launched major new versions. So to round out our recent browser coverage, we present the Web Browser Face-off – looking at how all the main browsers compare with each other in terms of features and innovation. We are basically looking for what is unique, interesting – and missing – in each browser.

Right now Microsoft still holds onto its huge market lead, but Firefox is gaining more ground every month. Probably more importantly, there are other major innovators in the browser space – such as the social browser Flock (a Read/WriteWeb sponsor) and the perennial innovator Opera. The Mac browser Safari of course has many passionate supporters, while new kid Maxthon is one to watch.

Regardless of who will prevail in the ‘browser 2.0 wars’, the users will win. While fighting each other, the browser makers innovate and simplify. They increase our productivity by integrating into the browser web concepts such as search, RSS, OPML, micro formats and more. The core browsers are getting slimmer and faster, while extensions that cover a wide range of services are being developed by external parties. Source: Read/Write Web

Over on PCWorld, they compare IE7 to Firefox 2.0 and come up with a winner, even if their reasoning is that one was first to the table with some of its offerings.

Firefox is a global, open-source project, so development has been very swift when compared to Microsoft’s closed-source development of Internet Explorer. We’ve had to wait a very long time between IE6 and IE7, so most users are installing IE7 with high expectations. The good news is that both browsers have seen some significant enhancements in three key areas: user experience, security and web standards. The bad news is that one browser still has better features and standards support than the other.

The better browser is Firefox 2 for two reasons: innovation and ease of use.

Both browsers are loaded with modern productivity features, but while Microsoft is just introducing these features to its browser, Firefox has already had them long enough to refine them, enhance them and make them even easier to use. While Microsoft has added an integrated search box to IE7, Firefox has added auto-suggest query completion and advanced search engine management to its own familiar search box. IE7 can now handle RSS feeds, but Firefox has several options for adding feeds within the browser, a client or your web service of choice. Source: PCWorld

I’m currently using both browsers and like both equally, but I am used to using the big blue E, so my time is mostly one-sided; I need to remember to use Firefox. So, I guess I lean more towards IE7 by default, just as some of these people lean towards Firefox. They are both better browsers, so you really can’t go wrong.

Posted by Jimmy Daniels - October 26, 2006 at 3:54 pm

Categories: Browsers, Firefox, IE7

Firefox 2.0 Hits the FTP Server

They noticed over at Ars Technica that there was a brand new directory on the Mozilla Foundation’s FTP servers that looked like it contains the new Firefox 2.0. The latest version offers many new features and enhancements, including Visual Refresh, which is Firefox 2’s theme and user interface, built-in phishing protection that warns users when they encounter suspected Web forgeries, enhanced search capabilities, improved tabbed browsing, being able to resume your browser session, and everything you were doing before the crash, previewing and subscribing to Web feeds, inline spell checking, Live Titles, an improved Add-ons manager, JavaScript 1.7 support, extended search plugin formats, the extension system has been updated to provide enhanced security and to allow for easier localization of extensions, client-side session and persistent storage, support for the svg:textpath specification, and a new Windows installer.

Ars contacted Firefox to find out if version 2.0 had been released a day ahead of schedule. We were told that “Mozilla has started the process to get Firefox 2 ready for release on Tuesday,” by a Mozilla spokesperson. “Mozilla does not guarantee that any set of files currently found within its Web site or elsewhere will be the final release. Starting tomorrow afternoon, everyone should go through Mozilla’s main channels for download at or to obtain Firefox, as this is the pathway Mozilla has optimized for the high volume of Web traffic.” Source: Ars Technica

So, don’t download it until tomorrow when they officially release it, or you may end up with some problems you don’t need.

Posted by Jimmy Daniels - October 23, 2006 at 8:01 pm

Categories: Browsers, Firefox

Firefox 2.0 RC2 Review

Here is a great write-up on Firefox 2.0 RC2 from Ars Technica.

Numerous elements of the user interface have received a considerable stylistic overhaul. Although these changes are primarily aesthetic in nature, several alterations also affect usability. First present in the second beta release, the initial modifications suffered from several minor deficiencies that made the whole thing look rather awkward, particularly on Linux. Most of the problems introduced by the visual changes were resolved in the first release candidate. In RC1 and RC2, the various elements of the URL bar finally have a consistent size and shape. Unfortunately, the green arrow button is difficult to remove from URL bar, but it can be accomplished by hitting about:config and tweaking the browser.urlbar.hideGoButton, changing it to “true.” The magnifying glass button in the search bar appears impossible to remove.

Looking for all of the new features added?

  • Visual Refresh
  • Built-in phishing protection
  • Enhanced search capabilities
  • Improved tabbed browsing
  • Resuming your browsing session
  • Previewing and subscribing to Web feeds: Users can decide how to handle Web feeds.
  • Inline spell checking
  • Live Titles
  • Improved Add-ons manager
  • JavaScript 1.7
  • Extended search plug-in format
  • Updates to the extension system
  • Client-side session and persistent storage
  • SVG text: Support for the svg:textpath specification enables SVG text to follow a curve or shape.
  • New Windows installer

Check the Release notes for a full description, and get the latest version here. Check here for the latest extensions and themes and the knowledge base for more useful information. If you are having trouble after upgrading, you may be having trouble with an extension or a theme, so start Firefox in safe mode by going to Run and entering this command: firefox.exe -safe-mode. When started in safe mode, all extensions are disabled and it uses the default theme. Happy and safe browsing.

Posted by Jimmy Daniels - October 10, 2006 at 2:59 pm

Categories: Firefox

Firefox LinkChecker

Had numerous searches on my site for Firefox Linkchecker, so here it is.

Firefox Linkchecker

Check webpage links at a glance with simple color coding. Ditch those massive listings of bad links that provide no context and add LinkChecker to your arsenal of web development tools today.

Posted by Jimmy Daniels - September 14, 2006 at 10:55 pm

Categories: Firefox