Week in review - week ending 23rd Dec

Season's greetings from AusCERT.

This week we saw a major new release from the Mozilla foundation, fixing numerous security issues and adding a bundle of new features. Users should upgrade to the new versions of Firefox and Thunderbird as soon as they return from holidays at mozilla.org. [ASB-2011.0122] AusCERT ASB-2011.0122]

It was also found that Windows 7, running Safari could be forced to BSOD (blue screen of death) with a malicious URL. As of writing the vendor (Microsoft) has not published a patch for this, AusCERT is monitoring and will update the subscriber community when a patch is available. [ AusCERT WebLog post 15251 ]

Finally we have also been seeing new implementations of an older attack against web browser history. This allows a malicious web page to 'guess' at a list of pages which may have been visited by the user. [ AusCERT WebLog post 15247 ]

Merry xmas and happy patching,

Angus