Mailbag (iPhone/Firefox/Citrix CAG vulnerabilities)

Published: 2007-07-23
Last Updated: 2007-07-23 22:40:34 UTC
by Daniel Wesemann (Version: 4)
0 comment(s)

Numerous readers have contacted us to let us know that ...

  • a serious iPHONE flaw was found (www.nytimes.com/2007/07/23/technology/23iphone.html)
  • apparently, parts of the online Knowledge Base of Installshield have been subverted; some articles seem to have been replaced by a defaced web page  Update 1800 UTC: The site seems to be mostly ok again
  • a flaw in Firefox up to and including 2.0.0.5 could allow an attacker to steal passwords that have been stored using the Firefox "Remember this password" function.  Heise has a web site with a demonstration but they also correctly point out that by the moment you log in to a site where everybody can upload hostile JavaScript, all bets are off anyway, and access to the password store is probably the least of your worry
  • several significant vulnerabilities have been found in Citrix Access Gateway. See the original advisories for details. Note that this link is only to the first of four, follow the references therein to CTX113815/16/17 as well

Thanks to all who reported these.

Keywords:
0 comment(s)

Comments


Diary Archives