Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firefox 3.0.8 Released

Published: 2009-03-27
Last Updated: 2009-03-27 23:13:38 UTC
by David Goldsmith (Version: 1)
1 comment(s)

Gilbert wrote in to let us know that Mozilla has released Firefox 3.0.8 today.

This release fixes two recent security issues: the 'pwn2own' issue used at the CanSecWest competition and the new XSL Transport issue from this week.

The release notes for Firefox 3.0.8 can be found here.  The security issues are covered here.

1 comment(s)

Bad Symantec Virus Defintions Update

Published: 2009-03-27
Last Updated: 2009-03-27 19:31:49 UTC
by David Goldsmith (Version: 1)
0 comment(s)

We had a report earlier today about problems with non-malicious PDF files getting flagged by the Symantec AntiVirus 10 and Symantec Endpoint Protection 11 products.  The March 26, 2007 rev 7 definitions appear to be the cause of the issue.  The PDF files were getting flagged as Bloodhound.PDF.6 based on hueristics detection.

There is also a thread about this issue on Symantec's forum today.

If you upgrade your signatures to revision 67 or later, or use the Rapid Release definitions whose sequence number is 93430 or higher, the problem appears to have been resolved.

 

Keywords:
0 comment(s)

Firefox and Seamonkey Vulnerabilities

Published: 2009-03-27
Last Updated: 2009-03-27 13:38:31 UTC
by David Goldsmith (Version: 1)
0 comment(s)

In addition to the "pwn2own" vulnerability used at CanSecWest last week in order to compromise a system with the Firefox web browser, a new vunerability has been published which involves XSL Transforms.  This vulnerability impacts both the latest Firefox 3.0.7 and Seamonkey 1.1.15 browsers.

Mozilla is working on updates for both packages and they expect the updated versions to be released by April 1 (and no, this is not an early April Fools joke).

A proof-of-concept exploit for the XSL Transform vulnerability has been released.  If the attack succeeds, arbitrary code can be run in the context of the browser.  If the attack fails, a DoS condition is likely for the browser.

For more information about the XSL Transform issue, see:

  BugTraq
  Secunia Advisory
  VUPEN Advisory

  Bugzilla Entry
  Mozilla Security Blog
 

Keywords:
0 comment(s)

There is some SMiShing going on in the EU

Published: 2009-03-27
Last Updated: 2009-03-27 06:53:02 UTC
by Mark Hofman (Version: 1)
0 comment(s)

 We've had a few reports so far where people receive an SMS which asks them to check out a particular URL, which predictably contains something extra.  

Currently the reports are from the UK and Germany.  

The text of the SMS is typically along these lines " Someone posted your full personal and banking information at insert-bad-url-here website you must remove it now".  The text does vary slightly in some of the samples seen.

The url typically has some badness in the form of a trojan.  This particular one, which Holger alerted us to (thanks), contained a trojan called Ambler.  

So keep an eye on your VoIP systems and some user education is probably also not a bad idea. 

Mark H 


 

Keywords: SMiShing
0 comment(s)
Diary Archives