Netscape Communications has released a security patch to correct various vulnerabilities identified in Netscape Browser version 8.0 and prior. These critical flaws, initially reported in Firefox, could be exploited by malicious websites to execute arbitrary commands, conduct cross-site scripting attacks, or cause a denial of service.
Mac OS X Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
Security Bypass, Exposure of system information, DoS
Apple Macintosh OS X
Apple has issued an update for Mac OS X, which fixes various
1) An input validation error can be exploited to access arbitrary
files on a Bluetooth-enabled system using directory traversal attacks
via the Bluetooth file and object exchange services.
2) An error can be exploited by malicious web sites to download and
install Dashboard widgets on a user's system via Safari without the
Safe Download Validation warning.
3) A weakness in two system calls allows local users to gain
knowledge of the names of files placed in unsearchable locations
(e.g. files in users' ~/Public/Drop Box).
4) An error in the "nfs_mount()" function due to insufficient input
value checks can be exploited by malicious, local users to cause a
5) An error can be exploited by malicious people with physical access
to a system to start background applications behind locked screensaver
The vulnerabilities affect Mac OS X v10.4 and Mac OS X Server v10.4.
Apply Mac OS X 10.4.1 Update.
PROVIDED AND/OR DISCOVERED BY:
1) Kevin Finisterre, digitalmunition.com.
3) John M. Glenn