Posts posted by Brandon

  1. Description:

    Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, potentially disclose sensitive information, and potentially compromise a user's system.

    1) Some errors in the JavaScript engine where certain temporary variables are not properly protected may be exploited to execute arbitrary code via a user-defined method triggering garbage collection.

    One of the vulnerabilities affects only version 1.5. The other affects version 1.5 and prior.

    2) An error in the dynamic style handling can be exploited to reference freed memory by changing the style of an element from "position:relative" to "position:static".

    Successful exploitation may allow execution of arbitrary code.

    The vulnerability has been reported in version 1.5.

    3) An error in the "QueryInterface" method of the Location and Navigator objects can be exploited to cause a memory corruption.

    Successful exploitation may allow execution of arbitrary code.

    The vulnerability has been reported in version 1.5.

    4) An input validation error in the processing of the attribute name when calling "XULDocument.persist()" can be exploited to inject arbitrary XML and JavaScript code in "localstore.rdf", which will be executed with the permissions of the browser the next time the browser starts up again.

    5) Some integer overflows in the E4X, SVG, and Canvas functionalities may be exploited to execute arbitrary code.

    The vulnerabilities have been reported in version 1.5.

    6) A boundary error in the "nsExpatDriver::ParseBuffer()" function in the XML parser may be exploited to disclose data on the heap.

    The vulnerability does not affect version 1.0.

    7) The internal "AnyName" object of the E4X functionality is not properly protected. This can be exploited to create a communication channel between two windows or frames having different domains.

    This does not pose any direct risks and does not allow bypass of same-origin restrictions or disclosure of web content from other domains.

    The vulnerability does not affect version 1.0.

    Solution:

    Update to version 1.5.0.1.

    http://www.mozilla.com/firefox/

    http://secunia.com/advisories/18700/

  2. Description:

    Some vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, potentially disclose sensitive information, and potentially compromise a user's system.

    For more information:

    http://secunia.com/SA18700/

    Successful exploitation of vulnerabilities #1, #2, #3, #4, #5, and #7 requires that JavaScript is enabled (not enabled by default).

    Solution:

    Disable JavaScript and do not open mails from untrusted sources.

    http://secunia.com/advisories/18704/

  3. Description:

    ATmaCA has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.

    The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes).

    Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited.

    The vulnerability has been confirmed in version 5.12. Other versions may also be affected.

    Solution:

    Download the new version:

    http://www.winamp.com/player/

  4. Well, I didn't watch a SINGLE regular season NFL game this year...first time ever I didn't watch some, but I want the Seahawks to win it.

    They've always been one of my teams, behind Green Bay of course (and my Sask Roughriders) and I would like to see them win their first ever Super Bowl in their very first try.

    I think they have the team to do it after watching that game Sunday, I missed the Steelers game so I'm not even sure what competition they'll have, but the Steelers sound like a strong team and it should be a good game at least.

    I'm hoping it will be a good game and a Steelers win :D

    I don't like the Packers :P I'm a Bears fan :P:thumbsup: This season the Bears swept the Packers 2-0 in the regular season..and the Packers ended up doing horrible winning only a couple of games..

  5. Not to mention he's coming home to Michigan for his last game....

    Yea now all they have to do is win :)

    I was hopin Peyton would go :(

    Actually I was hopin the Titans would but my god they SUCK this year. I think they were worse than Detroit this year.

    Yeah the Titans sucked this year...I think Detroit did do better :lol:

  6. The way they kicked my teams.......rear-end last night. I will have to agree on the Steelers takin the game.

    Actually the Steelers and the Seahawks each dominated the teams they played but since it's the first time the Seahawks have been to the Super Bowl in franchise history I think they are going to choke up and lose :)

  7. Websense Security® Labs™ has received reports of a malicious website which is hosting a Trojan horse keylogger. This keylogger is designed to steal end-user information when the user accesses certain online banks and e-commerce websites.

    The file name of the code is "logo.wmf." This code attempts to utilize the recent Microsoft® Windows® WMF vulnerability, assuming the user has not applied the recent Windows patch to solve this issue. The code runs, without user-intervention, when the user accesses an infected website. If the code runs, it drops a file called "web.exe" onto the user's machine and runs it. This file is designed to compromise the end-users' confidential information and may also include a Trojan horse backdoor.

    The site that hosts the malicious code is located in the UK and was up at the time of this alert. It is difficult to determine if the site's security has been compromised or if it was intentionally set up. The site contains little content, as it simply pulls links from the real London Olympics 2012 website.

    Screenshots on the website.

    http://www.websensesecuritylabs.com/alerts...php?AlertID=404

  8. I currently use only 4 extensions right now:

    • FasterFox 1.0.3

    Performance and network tweaks for Firefox.

    • IE Tab 1.0.7

    Open IE-only pages in "embedded IE".

    • Download Statusbar 0.9.4

    View and manage downloads from tidy statusbar.

    • Cache Status 0.5.1

    Easy cache status & management from status bar.

    Which do you use?

  9. PBS You is like a Satellite PBS or Extended Cable PBS; there are Local PBS stations too. Like ours is NPT (Nashville Public Television). They have local stuff but then have PBS programming at regular times. It's like local stations of other kinds. Say our Fox is Fox17. It gives local news but has regularly scheduled Fox programs. Same goes for our ABC, NBC, CBS, WB, and UPN.

    Thanks :)