Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-07-31 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

FireFox Update 2.0.0.6 Is Now Available

Published: 2007-07-31
Last Updated: 2007-07-31 17:07:39 UTC
by Deborah Hale (Version: 1)
0 comment(s)

Mozilla has issued an update to the FireFox browser.  This update resolves 2 security issues, one listed as critical and one listed as moderate.

This update resolves the "Unescaped URIs passed to external programs" vulnerability.

Mozilla Foundation Security Advisory 2007-27 - MFSA 2007-27 - Critical

www.mozilla.org/security/announce/2007/mfsa2007-27.html

This update resolves the "Unescaped URIs passed to external programs" vulnerability.  This affects the way that information is passed to internal programs for handling. This can cause programs to misinterpret the information received.

 

Mozilla Foundation Security Advisory 2007-26  - MFSA 2007-26 - Moderate

www.mozilla.org/security/announce/2007/mfsa2007-26.html

This update resolves the " Privilege escalation through chrome-loaded about:blank windows".  From the Mozilla advisory: This could enable privilege escalation attacks against addons that create "about:blank" windows and populate them in certain ways (including implicit "about:blank" document creation through data: or javascript: URLs in a new window).

 

Keywords:
0 comment(s)

More EMail Spam

Published: 2007-07-31
Last Updated: 2007-07-31 15:46:58 UTC
by Deborah Hale (Version: 1)
0 comment(s)

We have received numerous emails today regarding yet another round of spam hitting the cyberwaves.  This spam is nothing more than a new twist on the pump and dump stock market emails.  It appears that these emails include a zip or RAR file for an attachment.  Once opened, these contain nothing more than the get rich quick stock market info.  There appears to be nothing malicious other than an attempt to sway the market.

Keywords:
0 comment(s)

ISC Technical Difficulties

Published: 2007-07-31
Last Updated: 2007-07-31 15:41:57 UTC
by Deborah Hale (Version: 1)
0 comment(s)

Several of our observant readers have contacted us today regarding the diary content being from May 31st.  No we are not trying to change back the hands of time (however, at my age I wouldn't mind it if we could).  We have been having technical problems with our Handlers/ISC server today and our webmaster has been diligently working on it in between teaching sessions at SansFire 2007 in Washington DC.  Dr J assures me that he has resolved the technical issues and we are back on line for the day.

Keywords:
0 comment(s)
Diary Archives