Date: 07 February 2008
Greetings,

This week saw a new version of Firefox and SeaMonkey released, hopefully
with an update to Thunderbird to follow shortly (AL-2008.0014). It
corrected 10 vulnerabilities, the worst of which is a remote code
execution. With all of these vulnerabilities now known, it is quite likely
that attackers will soon begin to use them to attempt exploitation. Given
that most people will probably be running Firefox as an Administrator on
Windows XP, exploitation of these vulnerabilities could be quite serious.
So while you are reading this, perhaps let Firefox update itself to
2.0.0.12 (along with SeaMonkey), and keep an eye out for an updated version of Thunderbird.

Another of this week's serious vulnerabilities is the QuickTime remote code
execution vulnerability (AL-2008.0013). Many people may not realise that
they are running QuickTime because they never really installed it.
QuickTime automatically installs as part of the iTunes installation that
people will use when they buy a new iPod. Unfortunately this means that
many people will be vulnerable. Fortunately Apple includes an automatic
software update tool, which should check for updates at least weekly.

Moving on to the topic of blogging and content management systems, this
week (and the end of last week) saw 33 vulnerabilities in Mambo, Joomla,
WordPress, and Drupal plugins (including 2 in the actual products
themselves). What this means is that if you use any sort of content
management system (whether for blogs or not) you need to check *both* the software and any plugins you use for vulnerabilities. With 31
vulnerabilities in plugins it may also be a good idea to take stock of
what plugins you are actually using. It also should encourage you to think
carefully when using a plugin for this sort of application, as a vulnerable
plugin means a vulnerable application.

Regards,
Richard