US-CERT is aware of a vulnerability that affects the Google Chrome web browser. This vulnerability is due to a default configuration that allows files to be downloaded without prompting the user. In addition, downloaded files can be opened with a single click, which could allow a user to inadvertently open a malicious file.
US-CERT encourages users to enable the “Ask where to save each file before downloading” option within the “Minor Tweaks” tab in the browser preferences.
Time for yet another web browser security article. There’s a test called “Browser Security Test”, which I found today and decided to run on the latest stable web browser releases. What about the results?
Firefox 2.0.14 – All Passed
Firefox 3.0 – All Passed
Some time ago we posted an article about web browser security, based on Secunia reports.
Well, before the Firefox 3 release, it’s time to check how web browsers (latest “stable” versions) are doing now (2nd round).
It looks like there are some issues with the Firefox 2 Vietnamese Language Pack 2.0. According to bugzilla.mozilla.org, the file contains malicious code. The language pack author’s PC was infected with the virus, so it can’t directly affect you. However, you will still see banner ads.
I wonder if anyone from Mozilla is *really* running some checks before releasing add-ons and/or language packs to the public…
Just a few days ago (with the Firefox 220.127.116.11 release), the “Directory Traversal Vulnerability” was supposed to be fixed. However, as noted here by the guy who discovered the new security vulnerability, it wasn’t fully fixed. Here’s a quote from his blog:
Because directory traversal through plugins is all nice and such, we don’t need it. We can trick Firefox itself in traversing directories back.
The upcoming Firefox 18.104.22.168 release will fix this flaw. It affects extensions (more than 600) which are installed as a set of uncompressed files instead of the widely used .jar files.
A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure.
Impact
ZoneAlarm ForceField beta has just been released for Windows XP and Windows Vista. It should work with Internet Explorer 6-7 and Firefox 1.x-2.x versions. So what is it all about? It can protect you from various “bad things”. And as they say: “Protect yourself by creating a virtual “You” on any PC…”
ForceField lets you connect and communicate the way you already do online, only with a combination of protective measures that makes you impervious. It uses a virtualization engine that shields your computer and personal data from Internet and computer-based threats. It also includes numerous protection layers to combat phishing, spyware and dangerous file downloads.
Isn’t that a good idea?
It’s only a beta, and many issues still need to be fixed. However, feel free to try it if you are interested.
Download ForceField 1.0.158 Beta.
“Ten Fuc*ing Days”. That’s what Mozilla said.
That’s right, they’ve said that they can release any critical patch within 10 days or faster. Firefox 22.214.171.124 was released even faster than 10 days (after security flaws were discovered). So they are not just using some tricks (or are they?); it’s already proven. We will see how fast they release the next one.
From my point of view, before making such statements they should also fix other security vulnerabilities. Even if they are not the most critical ones.
Unpatched 43% (6 of 14 Secunia advisories)
Most Critical Unpatched
Secunia Security Stats.
More about MPack:
The project is not so profitable compared to other activities on the Internet. It’s just a business. While it makes income, we will work on it, and while we are interested in it, it will live.
“DCT”, one of three developers of the MPack infection kit
A year later, the MPack kit has become an increasingly popular tool, allowing data thieves and bot masters to take control of victims’ systems and steal personal information. The MPack infection kit has been blamed for hundreds of thousands of compromised computers.
And here’s a bit more:
Anything else you’d like to add?
I would advise you to use the Opera browser with scripts and plug-ins disabled in order not to be caught by the MPack someday.
It’s no big secret: every web developer wants to have the fastest and most secure web browser, which should not only have all the security issues fixed but also help novice users understand the risks and avoid them.
Firefox 3 Alpha 7 (Pre) got one more feature which should help users to avoid fake domain names. See this picture.
It highlights the domain name (well… actually it makes the other text light grey) so users can take a look at it and make sure it’s the correct domain name. Not really useful, is it?
That’s not all, according to Ars Technica,
FF3 Alpha 7 also incorporates a domain translator that changes an address that’s encoded in non-standard ASCII (such as a percentile-encoded address) into standard text. Again, this is a change aimed at making domain addresses easier to read by stripping out the non-standard characters a phisher might use to confuse a potential target.
There’s also an add-on for Firefox 2. It’s not perfect, but if you don’t want to use Firefox 3 Alpha 7 to test this one, feel free to use the Locationbar2 add-on.