Sicurezza informatica Firefox v 3.6.x : Secunia scopre un bug altamente critico
- Creatore Discussione Goofy
- Data di Inizio
Goofy
Moderator
tu sai gia' tutto..sfregiati di questo vanto fin tanto che puoi
questo sfregio non si vuole proprio togliere
Fra
Forumer storico
questo sfregio non si vuole proprio togliere
mi spiace goofy...quando ti sei sfregiato?
Fiber
Banned
e' un fake
Metatarso
Forumer storico
Gooooofy !
-la buona notizia: arriva il fix
-la cattiva notizia: il sandbox serve a poco o nulla
Firefox zero-day fix set up for 30 March release ? The Register
Mozilla acknowledges unpatched bug
Posted in Enterprise Security, 19th March 2010 17:01 GMT
Mozilla confirmed the presence of an unpatched flaw in its browser on Thursday, with a post promising to release a fix at the end of the month.
The flaw, discovered by security researcher Evgeny Legerov and reported by The Reg last month, creates a means to inject hostile code on vulnerable systems. The vulnerability is due to be fixed in version 3.6 of Firefox on 30 March.
In the meantime, the more technically adept or security-conscious user can update to the beta version of the 3.6.2 release, which already plugs the security flaw.
In other browser security news, Google updated the Windows version of its Chrome browser on Wednesday, addressing nine vulnerabilities of varying seriousness.
Left unfixed the flaws created a possible mechanism to run spoofing attacks or bypass security restrictions, such as sandboxing. Users are advised to update to version 4.1.249.1036.
A flaw in the WebKit engine used by Chrome earned its finder, Sergey Glazunov, the first $1,337 pay-out from Google's bug bounty program.
The release also adds features and fixes stability bugs as explained in an advisory here. Google's update comes just days before the much-watched pwn2own hacking contest at the CanSecWest security conference
-la buona notizia: arriva il fix
-la cattiva notizia: il sandbox serve a poco o nulla
Firefox zero-day fix set up for 30 March release ? The Register
Mozilla acknowledges unpatched bug
Posted in Enterprise Security, 19th March 2010 17:01 GMT
Mozilla confirmed the presence of an unpatched flaw in its browser on Thursday, with a post promising to release a fix at the end of the month.
The flaw, discovered by security researcher Evgeny Legerov and reported by The Reg last month, creates a means to inject hostile code on vulnerable systems. The vulnerability is due to be fixed in version 3.6 of Firefox on 30 March.
In the meantime, the more technically adept or security-conscious user can update to the beta version of the 3.6.2 release, which already plugs the security flaw.
In other browser security news, Google updated the Windows version of its Chrome browser on Wednesday, addressing nine vulnerabilities of varying seriousness.
Left unfixed the flaws created a possible mechanism to run spoofing attacks or bypass security restrictions, such as sandboxing. Users are advised to update to version 4.1.249.1036.
A flaw in the WebKit engine used by Chrome earned its finder, Sergey Glazunov, the first $1,337 pay-out from Google's bug bounty program.
The release also adds features and fixes stability bugs as explained in an advisory here. Google's update comes just days before the much-watched pwn2own hacking contest at the CanSecWest security conference
Metatarso
Forumer storico
Brutta brutta cosa.non mi piace questa cosa che sandboxie non sarebbe servito
leggo meglio
Non mi meraviglio più di tanto, ma un po' sì: in particolare mi meraviglio che si possa bucare una sandbox attraverso un browser, che dovrebbe girare a livello user.
Ad es. guarda questo tizio, su Linux buca addirittura SELinux e Apparmor, ma lo fa grazie a dei bachi nel kernel e/o in pulseaudio
[ame=http://www.youtube.com/watch?v=UdkpJ13e6Z0]YouTube - Linux 2.6.30+ Local Kernel Exploit 0day, disabling SELinux/AppArmor/LSM
[/ame]