Australia's Leading Computer Emergency Response Team

AusCERT Week in Review for 23rd December 2012
Date: 23 December 2011
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=15267

Week in review - week ending 23rd Dec

Season's greetings from AusCERT.

This week we saw a major new release from the Mozilla foundation, fixing numerous security issues and adding a bundle of new features. Users should upgrade to the new versions of Firefox and Thunderbird as soon as they return from holidays at mozilla.org. [ASB-2011.0122] AusCERT ASB-2011.0122]

It was also found that Windows 7, running Safari could be forced to BSOD (blue screen of death) with a malicious URL. As of writing the vendor (Microsoft) has not published a patch for this, AusCERT is monitoring and will update the subscriber community when a patch is available. [ AusCERT WebLog post 15251 ]

Finally we have also been seeing new implementations of an older attack against web browser history. This allows a malicious web page to 'guess' at a list of pages which may have been visited by the user. [ AusCERT WebLog post 15247 ]

Merry xmas and happy patching,

Angus