Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - February 18, 2008

by Marianna Schmudlach / February 18, 2008 12:24 AM PST

wyrd Insecure Temporary File

Secunia Advisory: SA29009
Release Date: 2008-02-18


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Unpatched


Software: wyrd 1.x

Description:
A vulnerability has been discovered in wyrd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The vulnerability is caused due to wyrd creating a temporary file in an insecure manner. This can be exploited to overwrite arbitrary files with permissions of another user.

Successful exploitation requires that the user invokes the help function by pressing "?" within the user interface.

The vulnerability is confirmed in version 1.4.3b. Other versions may also be affected.

Solution:
Grant only trusted users access to affected systems.

Provided and/or discovered by:
Reported in a Debian bug.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466382

XPWeb "Download.php" Arbitrary File Download
by Marianna Schmudlach / February 18, 2008 12:25 AM PST

Secunia Advisory: SA29006
Release Date: 2008-02-18


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: XPWeb 3.x

Description:
GoLd_M has discovered a vulnerability in XPWeb, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to an input validation error in Download.php when processing arguments passed to the "url" parameter. This can be exploited to download arbitrary files from the affected system.

The vulnerability is confirmed in version 3.3.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly validated.

Provided and/or discovered by:
GoLd_M

Original Advisory:
http://milw0rm.com/exploits/5137

Lotus Quickr Unspecified Cross-Site Scripting Vulnerability
by Marianna Schmudlach / February 18, 2008 12:26 AM PST

Secunia Advisory: SA29004
Release Date: 2008-02-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Lotus Quickr 8.x

Description:
A vulnerability has been reported in Lotus Quickr, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to a user when anonymous access is disabled on HTTP ports. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in Lotus Quickr for i5/OS versions prior to 8.0.0.2 Hotfix 11.

Solution:
Apply Hotfix 11.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (RELS78CN5C):
http://www-1.ibm.com/support/docview.wss?uid=swg24016411

freeSSHd SSH Server Denial of Service Vulnerability
by Marianna Schmudlach / February 18, 2008 12:27 AM PST

Secunia Advisory: SA29002
Release Date: 2008-02-18


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Unpatched


Software: freeSSHd 1.x

Description:
Luigi Auriemma has discovered a vulnerability in freeSSHd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error in the freeSSHd SSH server and can be exploited to cause the service to crash by sending a specially crafted packet to default port 22/TCP.

The vulnerability is confirmed in version 1.2.0. Other versions may also be affected.

Solution:
Restrict network access to the service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/freesshdnull-adv.txt

SUSE update for clamav
by Marianna Schmudlach / February 18, 2008 12:29 AM PST

Secunia Advisory: SA29001
Release Date: 2008-02-18


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server



Description:
SUSE has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html

Other References:
SA28907:
http://secunia.com/advisories/28907/

Joomla! jooget Component "id" SQL Injection
by Marianna Schmudlach / February 18, 2008 12:30 AM PST

Secunia Advisory: SA28998
Release Date: 2008-02-18


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: jooget 2.x (component for Joomla)



Description:
S@BUN has discovered a vulnerability in the jooget component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in the Joomla! installation's index.php script (when "option" is set to "com_jooget") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes, but requires knowledge of the database table prefix.

The vulnerability is confirmed in version 2.6.8. Other versions may also be affected.

Solution:
Apply "Patch Jooget 2.6.8 SQL Injection":
http://members.joomlapixel.eu/downloa...oget-2.6.8-sql-injection/details.html

Provided and/or discovered by:
S@BUN

Original Advisory:
http://milw0rm.com/exploits/5132

BanPro-DMS "action" Local File Inclusion Vulnerability
by Marianna Schmudlach / February 18, 2008 12:32 AM PST

Secunia Advisory: SA28992
Release Date: 2008-02-18


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: BanPro-DMS 1.x

Description:
muuratsalo has discovered a vulnerability in BanPro-DMS, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "action" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
muuratsalo

Sun Solaris vuidmice STREAMS Modules Local Denial of Service
by Marianna Schmudlach / February 18, 2008 12:33 AM PST

Secunia Advisory: SA28990
Release Date: 2008-02-18


Critical:
Not critical
Impact: DoS

Where: Local system

Solution Status: Vendor Patch


OS: Sun Solaris 10
Sun Solaris 9

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the vuidmice STREAMS modules (vuidmice (7M)) and can be exploited to cause a system panic.

The vulnerability is reported in Solaris 9 and 10 for the x86 platform.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200635-1

Mandriva update for xine-lib
by Marianna Schmudlach / February 18, 2008 12:35 AM PST
Joomla! Quran Component "surano" SQL Injection
by Marianna Schmudlach / February 18, 2008 12:37 AM PST

Secunia Advisory: SA28986
Release Date: 2008-02-18


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Quran 1.x (component for Joomla)

Description:
breaker_unit and Don have discovered a vulnerability in the Quran component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "surano" parameter in the Joomla! installation's index.php script (when "option" is set to "com_quran" and "action" to "viewayat") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes, but requires knowledge of the database table prefix.

The vulnerability is confirmed in version 1.1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
breaker_unit and Don

Original Advisory:
http://milw0rm.com/exploits/5128

GNOME GLib PCRE Character Class Buffer Overflow
by Marianna Schmudlach / February 18, 2008 12:44 AM PST

Secunia Advisory: SA28985
Release Date: 2008-02-18


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: GNOME GLib 2.x

Description:
A vulnerability has been reported in GNOME GLib, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

The vulnerability is caused due to the use of vulnerable PCRE code.

The vulnerability is reported in version 2.14.5. Prior versions may also be affected.

Solution:
Update to version 2.14.6.
http://ftp.gnome.org/pub/gnome/sources/glib/2.14/

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news

Other References:
SA28923:
http://secunia.com/advisories/28923/

StatCounteX "admin.asp" Security Bypass
by Marianna Schmudlach / February 18, 2008 12:45 AM PST

Secunia Advisory: SA28984
Release Date: 2008-02-18


Critical:
Less critical
Impact: Security Bypass
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: StatCounteX 3.x

Description:
SekoMirza has discovered a security issue in StatCounteX, which can be exploited by malicious people to bypass certain security restrictions and to disclose potentially sensitive information.

The security issue is caused due to missing permission checks in admin.asp. This can be exploited to gain access to the administrative interface and e.g. modify script settings by directly requesting the admin.asp script.

NOTE: Other sensitive scripts are also directly accessible.

The security issue is confirmed in version 3.1. Other versions may also be affected.

Solution:
Restrict access to the StatCounteX directory.

Provided and/or discovered by:
SekoMirza

Multiple Horde Products Security Bypass
by Marianna Schmudlach / February 18, 2008 12:46 AM PST

Secunia Advisory: SA28982
Release Date: 2008-02-18


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Horde Groupware 1.x
Horde Groupware Webmail Edition 1.x
Turba 2.x (Horde module)




Description:
A security issue has been reported in multiple Horde products, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to an error within the enforcing of access restriction policies imposed on the address book. This can be exploited to gain access to restricted contacts placed in the same SQL table, if the unique key of another user's contact can be obtained.

The security issue is reported in Horde Groupware 1.0.3, Horde Groupware Webmail Edition 1.0.4, and Turba Contact Manager 2.1.6. Prior versions may also be affected.

Solution:
Update to Horde Groupware 1.0.4, Horde Groupware Webmail Edition 1.0.5, and Turba Contact Manager 2.1.7.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://cvs.horde.org/diff.php/groupwa...?r1=1.17.2.1&r2=1.17.2.2&ty=h
http://cvs.horde.org/diff.php/groupwa...?r1=1.12.2.1&r2=1.12.2.2&ty=h
http://cvs.horde.org/diff.php/turba/d...4.2.2&r2=1.181.2.114.2.4&ty=h

Fedora update for scponly
by Marianna Schmudlach / February 18, 2008 12:48 AM PST

Secunia Advisory: SA28981
Release Date: 2008-02-18


Critical:
Less critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for scponly. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

Solution:
Apply updated packages via the yum utility ("yum update scponly").

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2008-February/msg00595.html
https://www.redhat.com/archives/fedor...-announce/2008-February/msg00546.html

Other References:
SA28123:
http://secunia.com/advisories/28123/

Fedora update for httpd
by Marianna Schmudlach / February 18, 2008 12:49 AM PST

Secunia Advisory: SA28977
Release Date: 2008-02-18


Critical:
Less critical
Impact: Cross Site Scripting
DoS

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the yum utility ("yum update httpd").

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2008-February/msg00541.html
https://www.redhat.com/archives/fedor...-announce/2008-February/msg00562.html

Other References:
SA28046:
http://secunia.com/advisories/28046/

Fedora update for cacti
by Marianna Schmudlach / February 18, 2008 12:50 AM PST

Secunia Advisory: SA28976
Release Date: 2008-02-18


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for cacti. This fixes some vulnerabilities, which can be exploited by malicious people to conduct HTTP response splitting, cross-site scripting, and SQL injection attacks.

Solution:
Apply updated packages via the yum utility ("yum update cacti").

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2008-February/msg00570.html
https://www.redhat.com/archives/fedor...-announce/2008-February/msg00593.html

Other References:
SA28872:
http://secunia.com/advisories/28872/

Hosting Controller Multiple Vulnerabilities
by Marianna Schmudlach / February 18, 2008 12:52 AM PST

Secunia Advisory: SA28973
Release Date: 2008-02-18


Critical:
Highly critical
Impact: Manipulation of data
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Hosting Controller 6.x

Description:
Some vulnerabilities have been reported in Hosting Controller, which can be exploited by malicious users to disclose sensitive information and manipulate certain data, and by malicious people to manipulate certain data, disclose sensitive information, conduct SQL injection attacks, and potentially to compromise a vulnerable system.

1) An unspecified error can be exploited to change passwords of other users.

2) An unspecified error can be exploited to upload files to a web directory and execute arbitrary code.

3) An unspecified error can be exploited to create new users.

4) Input passed to unspecified scripts is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation may e.g. allow listing of all databases or enable and disable the forum.

5) An unspecified error can be exploited to change a user's credit limit or the discount.

6) An unspecified error can be exploited to uninstall FrontPage extensions for all domains created on the server.

7) An unspecified error can be exploited to delete gateway information.

8) An unspecified error can be exploited to enable or disable the payment type.

9) An unspecified error can be exploited to disclose information of all webadmins created on the server.

10) An unspecified error can be exploited to import or edit plans.

11) An unspecified error can be exploited to change the host headers of all domains created on the server.

The vulnerabilities are reported in HC6.1. Other versions may also be affected.

Solution:
Apply Post Hotfix 3.3 Security Patch.
http://hostingcontroller.com/english/...patches/Post-Hotfix-3_3-sec-Patch.zip

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://hostingcontroller.com/english/...otfix-3_3-sec-Patch-ReleaseNotes.html

rPath update for mailman
by Marianna Schmudlach / February 18, 2008 12:53 AM PST

Secunia Advisory: SA28966
Release Date: 2008-02-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for mailman. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

Solution:
Update to "mailman=conary.rpath.com@rpl:1/2.1.9-4.2-1".

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2008-February/000319.html

Other References:
SA28794:
http://secunia.com/advisories/28794/

Sophos Email Appliance Login Page "error/go" Cross-Site Scri
by Marianna Schmudlach / February 18, 2008 12:54 AM PST

Secunia Advisory: SA28961
Release Date: 2008-02-18


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: Sophos Email Appliance (ES1000/ES4000) 2.x

Description:
Leon Juranic has reported some vulnerabilities in Sophos Email Appliance, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "error" and "go" parameters in the Login page is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 2.1.0.0. Other versions may also be affected.

Solution:
Update to version 2.1.1.0.

Provided and/or discovered by:
Leon Juranic

Original Advisory:
Sophos:
http://www.sophos.com/support/knowledgebase/article/34733.html

INFIGO IS:
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-02-13

SUSE update for MozillaFirefox and seamonkey
by Marianna Schmudlach / February 18, 2008 12:56 AM PST

Secunia Advisory: SA28958
Release Date: 2008-02-18


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10.1
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9

Description:
SUSE has issued an update for MozillaFirefox and seamonkey. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

Other References:
SA28622:
http://secunia.com/advisories/28622/

SA28758:
http://secunia.com/advisories/28758/

Debian update for clamav
by Marianna Schmudlach / February 18, 2008 12:58 AM PST

Secunia Advisory: SA28949
Release Date: 2008-02-18


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0

Description:
Debian has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2008/dsa-1497

Other References:
SA28907:
http://secunia.com/advisories/28907/

Apache tool generates password hashes using predictable salt
by Marianna Schmudlach / February 18, 2008 1:12 AM PST

A password generation tool distributed with the Apache HTTP server has a flaw that could make dictionary attacks on passwords encoded using it easier. The tool, called htpasswd, generates MD5 hashes for Basic HTTP Authentication from passwords and salts.

Salts are intended to make attacks on password hashes using dictionaries and rainbow tables difficult or infeasible. But some salting implementations make a password cracker's job unnecessarily easy. Peter Watkins has reported that htpasswd fails to use the full potential numerical range for salts, thus reducing the effective length from 48 to 29 bits. According to Watkins, this represents just 0.000191 per cent of the range potentially usable by the hash algorithm, making it easier to predict salts than it should be. This means that it becomes worthwhile attempting to calculate the hash using rainbow tables despite the use of a salt.

More: http://www.heise-online.co.uk/security/Apache-tool-generates-password-hashes-using-predictable-salts--/news/110144

Patches for MoinMoin Wiki system
by Marianna Schmudlach / February 18, 2008 1:13 AM PST

The developers of the Python-based MoinMoin Wiki system have closed two XSS vulnerabilities and a directory traversal hole. Insufficient filtering of submitted user names in the action/login.py login script allowed injected JavaScript code to be executed in the victim's browser. The same applied to the action/AttachFile.py file upload script containing JavaScript in the message, pagename and target parameters.

A directory traversal hole was reported to allow attackers to use specially crafted cookies to traverse the data/user/ directory and compromise systems by overwriting files. The flaw occurred in the user.py script when processing certain IDs in the cookie. Only version 1.5.x contained the latter vulnerability. Apart from the updated version 1.6.1, the developers have also made patches for 1.6 and 1.5.x available for download.

More: http://www.heise-online.co.uk/security/Patches-for-MoinMoin-Wiki-system--/news/110141

Vulnerability in OpenCA allows attackers to generate unautho
by Marianna Schmudlach / February 18, 2008 1:15 AM PST

Vulnerability in OpenCA allows attackers to generate unauthorised certificates

Cross-site request forgery (CSRF), also known as session riding, can allow attackers to deactivate firewalls on vulnerable routers or add new accounts to content management systems. Now it appears that the OpenCA open source certification authority also has problems in this respect. By visiting a crafted web page while the OpenCA front end is open in another browser window, a CA administrator could enable an attacker to generate their own certificate in the administrator's context. In a security advisory, Alexander Klink notes that OpenCA requires only one-off authentication: a single cookie is used for the whole session.

More: http://www.heise-online.co.uk/security/Vulnerability-in-OpenCA-allows-attackers-to-generate-unauthorised-certificates--/news/110139

Steer clear of Vista Service Pack, tests warn
by Marianna Schmudlach / February 18, 2008 1:16 AM PST

The first Service Pack for Windows Vista is already available on the internet, but users should not take any chances yet, advises heise online's German sister publication c't magazine in its current issue. Even Microsoft admits that the current version still struggles with certain pre-installed drivers which the software giant wants to replace via Auto-Update in the coming weeks.

For partial updates to Windows Vista, users received regular patches via the automatic update service last year. However, many can't wait to receive a more comprehensive upgrade of the operating system - the first Service Pack, which is expected to eliminate most if not all teething troubles.

More: http://www.heise-online.co.uk/security/Steer-clear-of-Vista-Service-Pack-tests-warn--/news/110140

Mozilla Firefox and Opera Vulnerability
by Marianna Schmudlach / February 18, 2008 10:27 AM PST

added February 18, 2008 at 03:34 pm

US-CERT is aware of public reports of a vulnerability in Mozilla Firefox and Opera web browsers. This vulnerability is caused by improper handling of bitmap image files (.bmp). By sending a specially crafted bitmap image file to the browser, an attacker may be able to obtain sensitive information or cause a denial-of-service condition.

US-CERT encourages Mozilla Firefox users to upgrade to Firefox 2.0.0.12 and Opera users to upgrade to Opera 9.25.

US-CERT will provide more information as it becomes available.


http://www.us-cert.gov/current/current_activity.html#mozilla_firefox_and_opera_browser
