Web Browser Security

Microsoft issues patch plans, includes Internet Explorer fix

February 09, 2012

Tuesday's monthly patch batch from Microsoft will be relatively light, with the software giant planning nine fixes -- four rated "critical" -- to address 21 vulnerabilities.
 

Microsoft to begin silently updating IE in 2012

December 15, 2011

Borrowing a page from other web browser manufacturers, Microsoft soon will automatically upgrade Windows customers to the latest version of IE.
 

Chrome 16 includes 15 vulnerability fixes

December 14, 2011

Google on Tuesday released Chrome 16, which includes fixes for 15 security vulnerabilities.
 

Microsoft's October update to fix 23 flaws

October 06, 2011

The Patch Tuesday bulletins, of which two are rated "critical" and six deemed "important," are due Oct. 11 at about 2 p.m. EST.
 

Mozilla releases Firefox 7.0.1 to fix add-on issue

September 30, 2011

Mozilla released an update for its Firefox browser to address what it called a "rare" bug that caused add-ons to be hidden for some users after upgrading to version 7.
 

One of two responsible for AT&T iPad breach pleads guilty

June 23, 2011

A San Francisco man who was charged with exploiting a flaw on the AT&T website to obtain personal information about Apple iPad subscribers has pleaded guilty, prosecutors said Thursday.
 

Mozilla releases Firefox 5, ends support for version 4

June 22, 2011

The latest version of Mozilla's Firefox web browser, version 5, was released on Tuesday with fixes for a number of vulnerabilities that could allow an attacker to crash a victim's browser, run arbitrary code on their computer, steal data or perform cross-site scripting attacks. Mozilla also fixed several security vulnerabilities in Firefox 3.6 this week, but ended support for Firefox 4, which was released just three months ago and received its only update, Firefox 4.0.1, in April. Users of Firefox 4 are being advised to upgrade to Firefox 5.
 

Google Chrome update closes Flash zero-day

March 17, 2011

Google on Tuesday updated Chrome to close a zero-day flaw in the web browser's version of Adobe Flash Player, ahead of rival browsers Internet Explorer, Firefox, Safari and Opera - and even ahead of Adobe itself. Chrome 10.0.648.134 contains an updated build of Flash Player, which Google received for integration and testing as part of a collaboration with Adobe, an Adobe spokeswoman told SCMagazineUS.com on Thursday. Meanwhile, Adobe on Monday warned that attackers currently are exploiting the flaw through malicious Microsoft Excel files. The software maker is finalizing a fix and plans to patch Flash for Windows, Mac OS X and Linux next week.
 

IE9 with do-not-track option released

March 15, 2011

The latest version of Internet Explorer, version 9, was released Tuesday with a much-discussed tool that allows users to opt out of having their web surfing monitored. In December, the Federal Trade Commission suggested browser manufacturers adopt such a capability as a means of safeguarding consumers' online habits. Microsoft's do-not-track feature, by default, alerts websites that the user's data is not to be tracked. While Mozilla announced it too would soon offer such an option in its Firefox browser, Apple and Google have not yet publicly announced plans. - GM
 

eHarmony advice site hacked to expose user information

February 11, 2011

eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.
 

Dating site PlentyOfFish hacked to expose passwords

January 31, 2011

The credentials of nearly 30 million online daters are at risk following the exploit of a common website vulnerability. The exact circumstances of the incident remain in question.
 

Google, Mozilla announce new 'do not track' features

January 24, 2011

Google, maker of the Chrome web browser, on Monday made a feature available that allows users to permanently opt out of online behavioral advertising tracking cookies.
 

Microsoft upset over Google researcher's tool release

January 03, 2011

A potentially exploitable zero-day vulnerability in Internet Explorer, detailed by a Google researcher who created a fuzzing tool to find browser flaws, is under investigation by Microsoft.
 

Firefox 3.6.13 issued to fix 13 flaws, 11 "critical"

December 10, 2010

Mozilla on Thursday issued an updated Firefox web browser to fix 13 vulnerabilities.
 

Firefox zero day being exploited in the wild

October 27, 2010

Cybercriminals are exploiting a "critical" zero-day flaw in Mozilla's Firefox web browser to distribute malware, security firms are warning.
 

Mozilla releases Firefox 3.6.11 to address 12 flaws

October 20, 2010

Mozilla on Tuesday released an updated version of its Firefox web browser to shore up a dozen vulnerabilities.
 

Google releases Chrome 6

September 03, 2010

Google on Thursday acknowledged the two-year anniversary of its Chrome browser with a new stable channel version that addresses more than a dozen security vulnerabilities. The flaws may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct spoofing attacks, according to an advisory posted by the US-CERT on Friday. Google, which provides monetary rewards for the disclosure of security bugs, paid out $4,337 in bounties for the vulnerabilities. The Chrome 6.0.472.53 stable channel update is available for Windows, Mac and Linux users. — AM
 

Google fixes 11 flaws in Chrome

August 23, 2010

Google late last week fixed 11 security flaws in its Chrome web browser that could allow an attacker to execute arbitrary code, cause a denial-of-service, or conduct spoofing attacks, according to an advisory from the US-CERT. Google, which provides monetary rewards for the disclosure of security bugs, paid more than $10,000 to various researchers for the flaws. The Google Chrome 5.0.375.127 stable channel update is available for Windows, Mac and Linux users. — AM
 

Opera 10.61 addresses high severity flaw

August 13, 2010

Opera Software on Thursday released Opera 10.61 to address a heap buffer overflow vulnerability that could be used to execute arbitrary code, the company said in an advisory. The flaw, classified as "high" in severity, affects the browser's HTML5 canvas, which allows developers to draw graphics using JavaScript. Due to the flaw, performing some painting operations on a canvas in Opera may result in heap buffer overflows. The update, available for Windows, Mac and Unix, also fixes two lower severity flaws involving news feeds and tabs. — AM
 

Why malware wins the host race

Gunter Ollmann, vice president of research, Damballa

June 15, 2010

A noted security researcher explains how sophisticated malware is created to elevate privileges on behalf of an attacker so security controls, such as anti-virus, can be disabled.
 

Newly issued Safari 5 closes dozens of holes

June 08, 2010

Apple on Monday issued Safari 5 and Safari 4.1 to close dozens of security vulnerabilities, some of which could allow an attacker to install malicious code on an affected system.
 

Opera issues update to address major flaw

May 03, 2010

Opera Software has released an update for its web browser to address a vulnerability that has been classified as "extremely severe," according to the company's security advisory. Opera 10.53 corrects the flaw, which affects the browser for both Windows and Mac, and could allow an attacker to cause an application crash and execute arbitrary code, according to a separate advisory posted by the US-CERT. Users have been advised to update immediately. — AM
 

Firefox issues 3.5.8 to address security issues

February 19, 2010

Mozilla this week updated two versions of its Firefox web browser to fix several security issues that could allow an attacker to execute arbitrary code or bypass security restrictions, according to the company's security advisories. Firefox versions 3.0.18 and 3.5.8 remediate three flaws that were rated "critical" and two rated "moderate" by Mozilla. The newest version of the browser, Firefox 3.6, is not affected. — AM
 

New attack against IE could expose all PC files

January 27, 2010

An attacker could leverage design flaws in Internet Explorer to read every file on a user's computer, according to researchers at Core Security Technologies.
 

Mozilla issues Firefox updates, no security fixes

January 06, 2010

Mozilla on Tuesday released an update to its Firefox web browser, pushing out versions 3.5.7 and 3.0.17. The updates do not contain any security fixes, though the update fixed a "common stability issue," according to the release notes. Users can download the latest Firefox version here. — DK
 

Microsoft affirms vulnerability affecting Internet Explorer

November 24, 2009

Microsoft engineers are prepping a fix for a zero-day Internet Explorer version 6 and 7 flaw, while users are encouraged to apply workarounds as they await a patch.
 

Web technologies account for 78 percent of all bugs

November 09, 2009

Of all vulnerabilities in web technologies discovered in the first half of 2009, 90 percent were present in web applications.
 

Browser cookie handling could widen web attack space

November 04, 2009

Contrary to conventional wisdom, due to the way browsers handle cookies, an attack on a company's subdomain can net an attacker free rein over the principal production domain.
 

Asprox botnet launches new wave of SQL injection

October 06, 2009

Researchers are not sure how many websites have been compromised but said new Asprox botnet attacks are underway.
 

PBS' Curious George site hacked to serve malware

September 18, 2009

The popular children's television show website, which is run by the Public Broadcasting Service, was propagating malware from Monday until Thursday.