Monthly Archives: October 2010

Thunderbird 3.1.5 Released

Thunderbird Thunderbird 3.1.5 has been released, the update fixes the following issues:

  • Several fixes to improve the user interface and add-ons experience
  • MFSA 2010-72 Insecure Diffie-Hellman key exchange
  • MFSA 2010-71 Unsafe library loading vulnerabilities
  • MFSA 2010-70 SSL wildcard certificate matching IP addresses
  • MFSA 2010-69 Cross-site information disclosure via modal calls
  • MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
  • MFSA 2010-66 Use-after-free error in nsBarProp
  • MFSA 2010-65 Buffer overflow and memory corruption using document.write
  • MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

Firefox 3.6.11 Released

Firefox 3.6.11 has been released to fix the following issues:

  • Fixed several stability issues
  • MFSA 2010-72 Insecure Diffie-Hellman key exchange
  • MFSA 2010-71 Unsafe library loading vulnerabilities
  • MFSA 2010-70 SSL wildcard certificate matching IP addresses
  • MFSA 2010-69 Cross-site information disclosure via modal calls
  • MFSA 2010-68 XSS in gopher parser when parsing hrefs
  • MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
  • MFSA 2010-66 Use-after-free error in nsBarProp
  • MFSA 2010-65 Buffer overflow and memory corruption using document.write
  • MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

Microsoft Security Bulletin Summary for October 2010

Microsoft Have released lots of updates for the month, the following are the issues patched:

Note: Microsoft bulletin MS10-073 (981957) patches a vulnerability that Stuxnet currently leverages.

  • Cumulative Security Update for Internet Explorer (2360131)
  • Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
  • Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
  • Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
  • Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
  • Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
  • Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
  • Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
  • Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
  • Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
  • Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
  • Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
  • Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
  • Vulnerability in SChannel Could Allow Denial of Service (2207566)
  • Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
  • Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)

Microsoft Security Bulletin Summary for October 2010