Browser Updates Fix Bugs, Weaknesses - williamsmannion

In this roundup of fixes, it's all browsers this month. Google released Chrome 21, patching a number of dangerous PDF-viewer-related bugs. Mozilla tackled more vulnerabilities than common, including an fascinating drag-and-drop bug, and Apple released Safari 6.0, sealing multiple potential private information leaks.

Google Chrome Turns 21

Google released a number of security updates for the Google Chrome Unfluctuating Channel. These updates affect OS X and Linux (updated to Chrome 21.0.1180.57), as well as Windows and Chromium-plate Set up (Chrome 21.0.1180.60).

Chromium-plate 21 includes patches that address 15 security vulnerabilities. One vulnerability was rated critical; of the others, sextuplet were rated high, five medium, and deuce-ac low. Quint of the weaknesses stricken Chrome's intrinsical PDF viewer and could possess caused remembering corruption, a program crash, operating theater other unexpected doings. Google also patched a vulnerability that could give an assailant unco broad file access via Chrome's implementation of drag and drop off, among other vulnerabilities, as well as several nonsecurity-related bugs.

Browse here and here for more along the Chromium-plate 21 fixes.

Mozilla Posts Repairs

Mozilla released patches for 15 security measures advisories (the most in nearly deuce years), for Firefox, Thunderbird, and SeaMonkey. Fivesome bugs are rated critical, four high, and half dozen moderate.

Surety researchers found a vulnerability that could enable a remote attacker to "short-circuit" a Sri Frederick Handley Page payload in Firefox via the drag-and-drop off mechanism. Normally, when you drag and drop a URL into the cover measure, that Uniform resource locator oodles automatically. But the short-circuit, which is triggered by dragging and dropping a malicious address, lets hackers spoof the address bar and opens your system to phishing attacks.

Mozilla also identified and fixed several computer memory corruption bugs—rated high—in the browser engine used in Mozilla-based products that could potentially be exploited to run arbitrary code happening your scheme. Another memory corruption bug could cause your program to crash.

These vulnerabilities and others are corrected in Firefox 13, 14, and Erythrocyte sedimentation rate 10.0.6; Thunderbird 13, 14, and ESR 10.0.6; and SeaMonkey 2.11.

For to a greater extent on the fixes, see Mozilla's Security Advisory, and specifically MFSA 2012-43, MFSA 2012-42, and MFSA 2012-52.

Apple Unveils Safari 6.0

Apple discharged Safari 6.0, and as wel patched two vulnerabilities in the company's Xcode software system development tools. Safari 6.0 patches a number of security vulnerabilities. Nearly notably, Apple black-and-white memory corruption issues in its WebKit that could lead to unexpected crashes Oregon impulsive code execution. The Safari 6.0 update is available for Bone X 10.7.4 and is included in OS X 10.8 Catamount.

Apple too geosynchronous shortcomings in Xcode 4.4 that could allow an assailant to gain access to and decrypt SSL-battlemented data as well as "keychains"—a secure storage system for certificates, passwords, and other nonpublic data.

More information is at these Apple security update pages: The first is for a diversity of Apple products, the second for Safari 6, and the fractional for Xcode 4.4.

Source: https://www.pcworld.com/article/460883/browser_updates_fix_bugs_weaknesses.html

Posted by: williamsmannion.blogspot.com