Security Tech Notes

SecurityOrb.com Security Tech Notes

Certified Information Systems Auditor (CISA) Exam
CISA Exam date is December 13, 2008.

Registration for the 2008 December CISA, CISM and CGEIT exams is now closed. Our next exam offering is 13 June 2009. Registration for the June exam is expected to open in December 2008, please check back then. Thank you for your interest.


Mozilla Updates
Mozilla on Wednesday released Firefox 3.04, a security and stability update to its popular open source Web browser.

The update addresses nine Security Advisories, some of which cover multiple vulnerabilities. Four are rated "critical," two are rated "high," two are rated "important," and one is rated "low."
Source: http://www.informationweek.com/news/internet/browsers/showArticle.jhtml?articleID=212002397&subSection=OpenSource


Linux
Canonical announced it will port Ubuntu Desktop Linux to the ARMv7 architecture. Targeted at netbooks, the Ubuntu ARM distribution could set the stage for Intel to lose the "software advantage" that has enabled x86 to shrug off attacks from other architectures for the last 30 years.
Source: http://www.desktoplinux.com/news/NS8395222090.html

Google’s Chrome Update
After the recent updates from Firefox and Opera in the form of Firefox 3.1 Beta and Opera 9.6, its Chrome's turn to go under the knife. Most users might have noticed how Mozilla has concentrated on speed with the latest Firefox update. Opera, on the other hand, now has even more features under its belt, retaining its position as one of the most feature packed browsers available now - off the shelf. And yes, support for three Indian languages in Opera too has been a welcome addition.
Source: http://www.techtree.com/India/News/Chrome_Updated_Enhanced_Security_Performance/551-94643-643.html

Mac OS X
The Mac’s virtualization space for supporting Windows keeps progressing. Parallels Desktop Version 4, released on Tuesday, offers better performance, improved battery life, printer sharing and improved file management and access between the Mac and Windows desktops, the company said.
Source: http://blogs.zdnet.com/Apple/?p=2499




Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software

(1) CRITICAL: Microsoft XML Core Services Multiple Vulnerabilities (MS08-069)
(2) CRITICAL: Microsoft SMB Credential Stealing Vulnerability (MS08-068)
(3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
(4) CRITICAL: ClamAV Unicode Processing Buffer Overflow
(5) HIGH: Apple Multiple Products Multiple Image Processing Vulnerabilities
(6) HIGH: SAP GUI ActiveX Control Remote Code Execution Vulnerability

CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
Affected:
Mozilla Firefox versions 3.x
Mozilla SeaMonkey versions 1.1.x
Mozilla Thunderbird versions 2.x

Description: Mozilla Firefox contains multiple vulnerabilities in its
handling of a variety of inputs. Flaws in the processing of web pages,
script input, URIs, XML documents, JAR files, and other input can lead
to a variety of vulnerabilities including arbitrary code execution with
the privileges of the current user. Due to the shared codebase among the
various Mozilla products, Mozilla SeaMonkey and Mozilla Thunderbird are
also vulnerable to some of these issues. Full technical details for
these vulnerabilities are publicly available via source code analysis.

Status: Vendor confirmed, updates available.

References:
Mozilla Advisories
http://www.mozilla.org/security/announce/2008/mfsa2008-51.html
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
http://www.mozilla.org/security/announce/2008/mfsa2008-53.html
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
Mozilla Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/32281