Monthly Archives: December 2010

WordPress 3.0.4 Released

WordPress 3.0.4 is available; this release fixes the following:

  • Fix XSS vulnerabilities in the KSES library: Don’t be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). (r17172)

Changelog
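The two KSES changes above (case-insensitive attribute names, and normalizing entities before the bad-protocol check) are easiest to understand side by side with a check that does neither. The following is an added illustration written for this post, not WordPress code and not the real esc_url() or wp_kses_bad_protocol(): the function and allow-list names, and the test URLs, are constructed for the example. The naive check looks at the raw string, so it never sees the scheme that the browser will see once entities are decoded; the hardened check decodes entities (including zero-padded numeric ones) to a fixed point, strips whitespace and control characters, and only then compares the lowercased scheme against the allow-list.

```python
"""Illustrative URL-protocol and attribute filter in the spirit of the KSES
3.0.4 fixes. Constructed example; names and lists are not WordPress's own."""
import html
import re
from typing import Optional

# Allow-lists constructed for this example (not the WordPress lists).
ALLOWED_PROTOCOLS = {"http", "https", "ftp", "mailto"}
ALLOWED_ATTRS = {"a": {"href", "title"}}

_SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*):", re.IGNORECASE)
_STRIP = re.compile(r"[\x00-\x20\x7f]")  # whitespace and control characters


def normalize_url(url: str) -> str:
    """Decode HTML entities to a fixed point, then drop whitespace/control chars.

    html.unescape accepts zero-padded numeric entities (&#0000106;) and entities
    with a missing trailing semicolon, which is the 'padded entities' case.
    Looping until nothing changes also resolves double-encoded input such as
    '&amp;#106;'. A production sanitizer would normally restrict the stripping
    to the scheme portion; stripping the whole string keeps this example short.
    """
    prev, cur = None, url
    while cur != prev:
        prev, cur = cur, html.unescape(cur)
    return _STRIP.sub("", cur)


def scheme_of(url: str) -> Optional[str]:
    """Return the lowercased scheme of an absolute URL, or None if relative."""
    m = _SCHEME.match(url)
    return m.group(1).lower() if m else None


def naive_has_bad_protocol(url: str) -> bool:
    """The 'before' behaviour: case-sensitive and entity-blind.

    Because it inspects the raw string, an entity-encoded or mixed-case scheme
    does not match at all and the URL is waved through as if it were relative.
    """
    m = re.match(r"^([a-z][a-z0-9+.-]*):", url)  # deliberately case-sensitive
    return bool(m) and m.group(1) not in ALLOWED_PROTOCOLS


def has_bad_protocol(url: str) -> bool:
    """The hardened behaviour: normalize first, then compare the lowercased scheme."""
    scheme = scheme_of(normalize_url(url))
    return scheme is not None and scheme not in ALLOWED_PROTOCOLS


def sanitize_href(url: str) -> str:
    """Return the normalized URL, or '' if it uses a disallowed protocol."""
    normalized = normalize_url(url)
    return "" if has_bad_protocol(normalized) else normalized


def filter_attributes(tag: str, attrs: dict) -> dict:
    """Keep only allow-listed attributes, matching names case-insensitively.

    HTML attribute names are case-insensitive, so 'HREF' and 'href' must be
    treated the same; href values are additionally run through sanitize_href
    and dropped entirely when the sanitizer rejects them.
    """
    allowed = ALLOWED_ATTRS.get(tag.lower(), set())
    kept = {}
    for name, value in attrs.items():
        lname = name.lower()
        if lname not in allowed:
            continue
        if lname == "href":
            value = sanitize_href(value)
            if value == "":
                continue
        kept[lname] = value
    return kept


if __name__ == "__main__":
    # Constructed sanitizer test vectors covering the three fixed cases.
    for u in ["&#0106;avascript:void(0)", "JavaScript:void(0)",
              "java\tscript:void(0)", "http://example.com/", "/relative?x=1"]:
        print(f"{u!r:32} naive={naive_has_bad_protocol(u)!s:5} hardened={has_bad_protocol(u)}")
```

Run stand-alone, the script prints one line per test vector; the naive check reports every entity-encoded, mixed-case or tab-split scheme as harmless, while the hardened check flags all three and still passes the plain http and relative URLs. The order of operations is the whole point: any check performed before normalization is a check on a string the browser will never see.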

Microsoft Security Bulletin Summary for December 2010

Microsoft have released a large pile of updates this month:

  • Cumulative Security Update for Internet Explorer (KB 2416400)
  • Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (KB 2416400)
  • Vulnerability in Task Scheduler Could Allow Elevation of Privilege (KB 2305420)
  • Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (KB 2424434)
  • Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (KB 2447961)
  • Vulnerability in Microsoft Windows Could Allow Remote Code Execution (KB 2385678)
  • Vulnerability in Windows Address Book Could Allow Remote Code Execution (KB 2423089)
  • Insecure Library Loading in Internet Connection Sign up Wizard Could Allow Remote Code Execution (KB 2443105)
  • Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (KB 2436673)
  • Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (KB 2440591)
  • Vulnerability in Consent User Interface (KB 2442962)
  • Vulnerability in Windows Netlogon Service (KB 2207559)
  • Vulnerability in Hyper-V Could Allow Denial of Service (KB 2345316)
  • Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (KB 2292970)
  • Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (KB 2433089)
  • Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (KB 968095)
  • Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (KB 2407132)

Microsoft Security Bulletin Summary for December 2010

Thunderbird 3.1.7 Released

Thunderbird 3.1.7 has been released; the update fixes the following issues:

  • Several fixes to improve handling of large folder files stored locally
  • Several fixes to improve corruption in local copy of IMAP mailboxes
  • MFSA 2010-78 Add support for OTS font sanitizer
  • MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
  • MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

Firefox 3.6.13 Released

Firefox 3.6.13 has been released to fix the following issues:

  • MFSA 2010-84 XSS hazard in multiple character encodings
  • MFSA 2010-83 Location bar SSL spoofing using network error page
  • MFSA 2010-82 Incomplete fix for CVE-2010-0179
  • MFSA 2010-81 Integer overflow vulnerability in NewIdArray
  • MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
  • MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
  • MFSA 2010-78 Add support for OTS font sanitizer
  • MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
  • MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
  • MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
  • MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

WordPress 3.0.3 Released

WordPress 3.0.3 is available; this release fixes issues in the remote publishing interface which, under certain circumstances, allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.

  • Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts. (r16803)

Change Log

WordPress 3.0.2 Released

WordPress 3.0.2 is available; it fixes a few bugs and an SQL injection flaw.

  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging
  • Fix occasional irrelevant error messages on plugin activation
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin
  • Clarify the license in the readme
  • Multisite: Fix the delete_user meta capability
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU install

Changelog