Thursday, May 31, 2007

Half-dozen new patches for Firefox

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 05/31/07

By Jason Meserve

Today's bug patches and security alerts:

Mozilla patches 6 Firefox bugs

Mozilla patched its flagship Firefox browser today with fixes for six vulnerabilities, one of which was stamped "critical" by the open-source developer. This was the third time Mozilla has updated Firefox in 2007. For those keeping 2007's bug score at home: Firefox 22, Internet Explorer 8. Computerworld, 05/31/07.

Download the latest version of Firefox

**********

Apple patches QuickTime flaws

According to an Apple advisory, "An implementation issue exists in QuickTime for Java, which may allow instantiation or manipulation of objects outside the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution." Users should upgrade to QuickTime 7.1.6 to fix the flaw.

**********

Two new updates from Gentoo:

FreeType (buffer overflow, code execution)

MPlayer (multiple buffer overflows, code execution)

**********

Samba vulnerability affects Mac OS X

Symantec on Tuesday warned Mac OS X users in an advisory that one of the open source technologies included in the operating system was vulnerable to an attack. The flaw only affects users that have turned on Windows Sharing -- it is off by default on Mac OS X. MacWorld, 05/29/07.

**********

F-Secure hit with antivirus vulnerabilities

F-Secure Corp. has patched several vulnerabilities in its security products, the most critical of which could be used to run unauthorized software on a victim's computer. The most critical of these bugs affects F-Secure's antivirus products. A flaw in the way the software unpacks files that have been compressed using the LHA archiving format could allow an attacker to crash the system, or even run unauthorized software on the computer, F-Secure said in an advisory published Wednesday. IDG News Service, 05/30/07.

F-Secure advisory

**********

Today's malware news:

Tax Phraud

A new Trojan Horse called Backdoor.Robofo has been spammed out today, which uses a variety of social engineering tactics to aid its propagation. Firstly it masquerades as an e-mail from the Internal Revenue Service (IRS), including the use of the IRS logo in the message body to make it appear more legitimate. Symantec Security Response blog, 05/30/07.

**********

From the interesting reading department:

Researcher: Don't trust Google Toolbar

Makers of some of the most popular extension software used by the Firefox browser are not doing enough to secure their software, a security researcher said Wednesday. IDG News Service, 05/30/07.

Hackers can hijack PCs using Firefox add-ons

Hackers can drop malicious code into systems running Mozilla's Firefox when the browser is armed with any of several high-profile add-ons, including Google Toolbar and Yahoo Toolbar, a researcher revealed today. Mozilla has acknowledged the risk posed by some extensions. Computerworld, 05/30/07.

IPS app available for free

Network managers looking for an inexpensive way to better secure traffic crossing their nets might want to check out a free application from Intoto. Network World, 05/29/07.

Strange spoofing technique evades antiphishing filters

A Reg reader has produced screen shots that demonstrate a powerful phishing technique that's able to spoof eBay, PayPal and other top web destinations without triggering antiphishing filters in IE 7 or Norton 360. Plenty of other PayPal users are experiencing the same ruse, according to search engine results. The Register, 05/25/07.

Social Bookmarking and Malicious Websites

On Friday the top story on the social bookmarking site reddit.com linked to a website that downloaded malware onto visitors’ computers. Social bookmarking sites like Reddit and Digg link to stories ranked by the popularity of these stories with their users. The malware on the site appeared to be a variant of Trojan.ByteVerify that downloaded more malicious programs onto the users' machines. It is interesting to consider how effective in spreading malware a link on a social bookmarking site is. Symantec Security Response Blog, 05/30/07.

Security budgets up

Since January, I’ve spent a lot of time interviewing IT executives for a benchmark research report on Security and Information Protection. The statistical analysis of the results of this research shows some interesting trends. Network World, 05/30/07.


Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Copyright Network World, Inc., 2007
