
Debian Linux 7.0 Code Named 'Wheezy' Released & Available For Download

Debian Linux 7.0 Code Named 'Wheezy' Released & Added  Multiarch Support, Several Specific Tools

Debian was once among the most popular Linux distributions and drew the most attention. Nowadays the craze for this flavor has faded a little, but as the foundation for other, more popular Linux distributions, such as Mint, Ubuntu and a few pen-testing distros, Debian still has its value, so upgrades and new releases of it remain very important. Today I will talk about the new release, Debian Linux version 7.0, code named 'Wheezy'. After many months of constant development, the developers at the Debian project proudly announced the general availability of the next version of this major Linux distribution, Debian 7.0 aka 'Wheezy'. According to the release notes, this new version of Debian includes various interesting features such as multiarch support, several specific tools to deploy private clouds, an improved installer, and a complete set of multimedia codecs and front-ends which remove the need for third-party repositories.

Multiarch support, one of the main release goals for Wheezy, will allow Debian users to install packages from multiple architectures on the same machine. This means that you can now, for the first time, install both 32- and 64-bit software on the same machine and have all the relevant dependencies correctly resolved, automatically.

The installation process has been greatly improved: Debian can now be installed using software speech, above all by visually impaired people who do not use a Braille device. Thanks to the combined efforts of a huge number of translators, the installation system is available in 73 languages, and more than a dozen of them are available for speech synthesis too. In addition, for the first time, Debian supports installation and booting using UEFI for new 64-bit PCs (amd64), although there is no support for Secure Boot yet.

This Release Includes Numerous Updated Software Packages, Such as:-
  • Apache 2.2.22
  • Asterisk 1.8.13.1
  • GIMP 2.8.2
  • An updated version of the GNOME desktop environment 3.4
  • GNU Compiler Collection 4.7.2
  • Icedove 10 (an unbranded version of Mozilla Thunderbird)
  • Iceweasel 10 (an unbranded version of Mozilla Firefox)
  • KDE Plasma Workspaces and KDE Applications 4.8.4
  • kFreeBSD kernel 8.3 and 9.0
  • LibreOffice 3.5.4
  • Linux 3.2
  • MySQL 5.5.30
  • Nagios 3.4.1
  • OpenJDK 6b27 and 7u3
  • Perl 5.14.2
  • PHP 5.4.4
  • PostgreSQL 9.1
  • Python 2.7.3 and 3.2.3
  • Samba 3.6.6
  • Tomcat 6.0.35 and 7.0.28
  • Xen Hypervisor 4.1.4
  • The Xfce 4.8 desktop environment
  • X.Org 7.7

Along with these, Debian Linux 7.0 includes more than 36,000 other ready-to-use software packages, built from nearly 17,500 source packages. So, after reading about all those cool features, what are you waiting for? Download the installation image via BitTorrent (the recommended method), jigdo, or HTTP.







Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars



Over the last two years the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. In those two years, several hackers and security professionals have expressed their enthusiasm and joined Pwn2Own, where the security of four major, widely used browsers has been compromised in order to make applications and software safer and more secure. Last year we reported how different hackers across the globe took part in Pwn2Own, successfully hacked Google Chrome, IE & Firefox, and earned millions of dollars. This year's contest has more of a twist than before: HP TippingPoint and Google, the sponsors of Pwn2Own, have made clear that the focus of the competition is expanding beyond browsers. Pwn2Own 2013 will include $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java.

Contest Dates:-

The contest will take place on the 6th, 7th, and 8th of March in Vancouver, British Columbia, during the CanSecWest 2013 conference. The DVLabs blog post will be updated as the contest plays out; for real-time updates, follow either @thezdi or @Pwn2Own_Contest on Twitter or search for the hashtag #pwn2own.

Rules & Prizes:-

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.
  • Web Browser
    • Google Chrome on Windows 7 ($100,000)
    • Microsoft Internet Explorer, either
      • IE 10 on Windows 8 ($100,000), or
      • IE 9 on Windows 7 ($75,000)
    • Mozilla Firefox on Windows 7 ($60,000)
    • Apple Safari on OS X Mountain Lion ($65,000)
  • Web Browser Plug-ins using Internet Explorer 9 on Windows 7
    • Adobe Reader XI ($70,000)
    • Adobe Flash ($70,000)
    • Oracle Java ($20,000)
The targets will be running on the latest, fully patched version of the Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.
Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money. The initial vulnerability utilized in the attack must be in the registered category.
Along with prize money, the contestant will receive the compromised laptop and 20,000 ZDI reward points* which immediately qualifies them for Silver standing. 

Full contest rules can be found at http://dvlabs.tippingpoint.com/Pwn2OwnContestRules.html, and may be changed at any time without notice.

Registration:-
Contestants are asked to pre-register by contacting ZDI via e-mail at zdi@hp.com. This will allow the organizer to ensure that they have the necessary resources in place to facilitate the attack. If more than one contestant registers for a given category, the order of the contestants will be drawn at random.









Chrome 23 Closes 15 Security Vulnerabilities, Promises Longer Battery Life & Added Do Not Track (DNT)


The search giant Google has finally included the Do Not Track (DNT) option in a stable version of the company's browser, Google Chrome 23. In February the internet giant agreed with the White House's Consumer Privacy Bill, and here comes the result: Google has implemented the Do Not Track (DNT) header in its Chrome web browser. A few months ago Microsoft made the Do Not Track (DNT) facility available by default in Internet Explorer 10, and the Redmond-based software giant recently drew some criticism for its decision to enable Do Not Track by default in IE 10. It was Mozilla who first proposed the Do Not Track mechanism, in Firefox in June 2011 when it released Firefox 5. The DNT option is disabled by default in Chrome. To turn it on, users need to go to the customization menu in the top right corner of the browser window, click on the Settings option on the left side and scroll down to open the Advanced Settings menu. Under the Privacy menu, check the box next to the "Send a 'Do Not Track' request with your browsing traffic" option. Once that option is enabled, the user will see a message explaining what the DNT system will do for them.

Beyond DNT, with the release of Chrome 23 Google closes several security holes and promises to improve battery life for some users. For systems with dedicated graphics chips that support Chrome's GPU-accelerated video decoding, version 23 of the WebKit-based browser is said to significantly reduce power consumption. According to Google, batteries lasted on average 25% longer in its tests when GPU-accelerated video decoding was enabled compared to only using a system's CPU when streaming online videos.

Version 23 of Chrome also addresses a total of 15 security vulnerabilities in the browser, 6 of which are rated as "high severity". These include high-risk use-after-free problems in video layout and in SVG filter handling, an integer bounds check issue in GPU command buffers and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers has also been fixed. Eight medium-severity flaws, including an integer overflow that could lead to an out-of-bounds read in WebP handling, and a low-risk flaw have also been corrected. As part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $9,000 for discovering and reporting these flaws. The update to Chrome also includes a new version of the Adobe Flash Player plugin which eliminates a number of critical vulnerabilities, all of which were discovered by the Google Security Team. Further information about the new features can be found in the release announcement, while a full list of security fixes is provided in a post on the Chrome Releases blog. Chrome 23.0.1271.64 is available to download for Windows, Mac OS X and Linux users.


-Source (Google Chrome Blog, The-H & threatpost)




Mozilla Fixed Cross Site Scripting (XSS) Flaws & Released Firefox Version 16.0.2

A serious security hole in Mozilla Firefox has been fixed. Mozilla has announced the availability of Firefox version 16.0.2, an emergency update to address a serious flaw in the way the browser treats the Location object. According to the advisory, successful exploitation of this flaw can result in cross-site scripting or code execution. The bug was first discovered by security researcher Mariusz Mlynski, and it forced Mozilla developers to release the third emergency fix in a month since the introduction of version 16 of the popular browser. According to the Mozilla Foundation Security Advisories, Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Along with Firefox 16.0.2, the security bug has also been fixed in Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 & SeaMonkey 2.13.2.

Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. Users running older versions of Firefox are advised to update immediately using the auto-update feature built into the browser.





OpenBSD 5.1 Released With Better Hardware Support & Performance

Last year we got both FreeBSD & PCBSD 9, and a few months later we got the final version of GhostBSD 2.5. A couple of months ago a public beta of NetBSD 6.0 was released for testing purposes. Now it is the turn of OpenBSD. The OpenBSD project has made version 5.1 of its free BSD-based UNIX-like operating system available to download. The latest update to the distribution comes six months after the release of OpenBSD 5.0 and includes better hardware support, performance improvements and new features, as well as package upgrades.
Some Highlights:-
  • GNOME 3.2.1 (fallback mode)
  • KDE 3.5.10
  • Xfce 4.8.3
  • MySQL 5.1.60
  • PostgreSQL 9.1.2
  • Postfix 2.8.8
  • OpenLDAP 2.3.43 and 2.4.26
  • Mozilla Firefox 3.5.19, 3.6.25 and 9.0.1
  • Mozilla Thunderbird 9.0.1
  • GHC 7.0.4
  • LibreOffice 3.4.5.2
  • Emacs 21.4, 22.3 and 23.4
  • Vim 7.3.154
  • PHP 5.2.17 and 5.3.10
  • Python 2.5.4, 2.7.1 and 3.2.2
  • Ruby 1.8.7.357 and 1.9.3.0
  • Tcl/Tk 8.5.11
  • Jdk 1.7
  • Mono 2.10.6
  • Chromium 16.0.912.77
  • Groff 1.21 
Along with these we are getting OpenSSH 6.0, Xenocara (based on X.Org 7.6 with xserver 1.11.4 + patches, freetype 2.4.8, fontconfig 2.8.0, Mesa 7.10.3, xterm 276, xkeyboard-config 2.5 and more), OpenSSL 1.0.0f, Bind 9.4.2-P2, Gcc 4.2.1, Perl 5.12.2, Lynx 2.8.7rel.2 with HTTPS and IPv6 support, Sudo 1.7.2p8 & so on.  For additional information & to see the release note click here.

To Download OpenBSD 5.1 Click Here





Firefox 12 & 13 Beta Introduces Simpler Update Process, 85 Improvements to Developer Tools & SPDY

Developers at Mozilla have declared the availability of Firefox 12 as well as Firefox 13 beta. With these releases Firefox also includes more than 85 improvements to its built-in developer tools. For example, developers no longer need to reload the page to see messages in the Web Console, and Scratchpad adds Find and Jump to Line commands to the editor. The developers claim that your experience while updating Firefox will be easier and better. Instead of asking users for the required privileges via UAC, Firefox now uses the Mozilla Maintenance Service to update program files. Firefox executes the service with system privileges when it is needed and closes it after the update. An Access Control Entry (ACE) in the update service allows Firefox to launch it with system privileges even though the browser itself does not have them.

Firefox 13 beta brings SPDY. SPDY, the faster alternative to HTTP, has been incorporated in Firefox, but disabled by default, since the introduction of Firefox 11. Firefox 13 will be the first release with it enabled by default.

What is new in Firefox 13 Beta:-
  • SPDY Support: Firefox Beta now supports SPDY by default. SPDY is a protocol designed as a successor to HTTP that reduces the amount of time it takes for websites to load. SPDY encrypts all communication with SSL, which makes browsing more secure. Users will notice quicker page load speeds on sites that support SPDY networking.
  • Developer Tool Updates: Firefox Beta includes a number of improvements to Web Developer Tools. Page Inspector now allows you to lock in CSS pseudo-classes on inspected page elements and Style Editor now saves CSS files loaded via file:// URLs without prompting to make the workflow for experimenting with CSS much quicker.

To Download Firefox 12 for Windows, Linux & Mac Click Here & For Firefox 13 Beta Click Here





Flashback Trojan Infected Over 600,000 Mac-OS Users, Apple Pushes Out Fix Again


Russian anti-virus vendor Dr. Web spotted a Trojan affecting nearly 600,000 Macs around the world. The near-immune image of Mac OS X has simply crumbled. So much for Macs being relatively safe against malware attacks. That idea took a punch to the stomach this week when the news broke about the Flashback trojan affecting more than half a million Macs worldwide. Flashback is essentially the malware equivalent of a smash-and-grab thief. Exploiting a Java vulnerability, the code installs and runs when the user visits a compromised or malicious website, intercepting private data, like passwords, and sending it back out over the internet. According to Doctor Web, sources claim that “links to more than four million compromised web-pages could be found on a Google SERP [search results] at the end of March. In addition, some posts on Apple user forums described cases of infection by [the latest variant] BackDoor.Flashback.39 when visiting dlink.com.” The trojan, Backdoor.Flashback.39, can infect computers via an infected web page. The vulnerability itself lies in Java, a product which is not Apple’s.

About 57% of infected machines were in the US, 20% in Canada, 13% in the UK and 6% in Australia. Apple has already issued patches that curb the vulnerability, but that does not necessarily mean that all users have applied the security patch on their Macs. Mozilla has even blocklisted all the older, vulnerable Java plug-ins in Firefox. Users are recommended to install the recent Apple Java update to close the hole which allows malicious web pages to drop the trojan onto a system, and to always check which application is actually asking for your password when requested.

Update: To detect if a system is infected with Flashback, run each of the following commands in the Mac OS X Terminal:-
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment


If all these commands respond with "The domain/default pair of ... does not exist", then there is no Flashback infection. Otherwise consult the F-Secure advisory for manual removal instructions.
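The three checks above can be wrapped in one script, shown here as an added example that is not part of the original post. The DEFAULTS_BIN variable and the function names are assumptions of this example; only the "does not exist" reply counts as a negative result, and anything else is reported as a reason to follow the advisory.

```shell
#!/bin/sh
# Added example, not from the original post: runs the three `defaults read`
# checks for Flashback and reports one verdict.

# Assumption of this example: DEFAULTS_BIN lets the logic be exercised with a
# stub on a non-Mac machine. On OS X it resolves to the real `defaults` tool.
DEFAULTS_BIN="${DEFAULTS_BIN:-defaults}"

# probe_key DOMAIN KEY
# Prints "absent" when defaults answers "... does not exist", "present" when
# the key can be read, and "unknown" for any other failure (tool missing,
# unreadable plist), so a broken probe is never mistaken for a clean result.
probe_key() {
    if out=$("$DEFAULTS_BIN" read "$1" "$2" 2>&1); then
        echo present
    else
        case $out in
            *"does not exist"*) echo absent ;;
            *) echo unknown ;;
        esac
    fi
}

# flashback_check
# Prints one line per probed key. Returns 0 if all three keys are absent,
# 1 if any key is present, 2 if none was present but a probe was inconclusive.
flashback_check() {
    rc=0
    for pair in \
        "$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES" \
        "/Applications/Safari.app/Contents/Info|LSEnvironment" \
        "/Applications/Firefox.app/Contents/Info|LSEnvironment"
    do
        domain=${pair%|*}
        key=${pair##*|}
        state=$(probe_key "$domain" "$key")
        printf '%-8s %s %s\n' "$state" "$domain" "$key"
        if [ "$state" = present ]; then
            rc=1
        elif [ "$state" = unknown ] && [ "$rc" -eq 0 ]; then
            rc=2
        fi
    done
    return "$rc"
}

# Run the check only on OS X; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    if flashback_check; then
        echo "No Flashback indicators found."
    else
        echo "Key present or probe inconclusive: consult the F-Secure advisory."
    fi
fi
```

The script must run as the user being checked, because the first key lives under that user's home directory.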

If you’re running Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3 or Lion Server v10.7.3, be sure to run Software Update in your System Preferences.




Mozilla Put Older & Vulnerable Versions of Java Into Firefox Blocklist


In an official blog post, Mozilla confirmed that it has blacklisted unpatched versions of the Java plug-in in Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions. "The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user’s computer. This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms. Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied," said Mozilla.
Unlike Google's Chrome browser, which has a feature specifically aimed at disabling outdated plug-ins, Firefox relies on Mozilla developers deciding which plug-ins pose a risk to users. However, users retain the choice of preventing those plug-ins from being disabled. The Firefox blocklist has rarely been used to disable plug-ins from big software vendors like Oracle, but precedents do exist. In October 2009, Mozilla decided to add Microsoft's Windows Presentation Foundation (WPF) plug-in to the Firefox blocklist after Microsoft revealed that it had a vulnerability.




Internet Explorer & Firefox Also Became Victim To Hackers At Pwn2Own

Internet Explorer (IE 9) & Firefox 10.0.2 Also Became Victim To Hackers At Pwn2Own
At the Pwn2Own contest, web browsers are being hacked one after another. First it was the turn of Google Chrome, where Sergey Glazunov, a Russian security researcher, earned $60,000 by demonstrating how he could waltz past the security sandbox in Google's Chrome browser to run unauthorized code on fully-patched Windows 7 computers. Then the time came for Microsoft's Internet Explorer. A team from a French security firm managed to hack IE 9 on a fully patched Windows 7 SP1 machine. The group from Paris-based Vupen Security brought down IE9 running on Windows 7 by exploiting a pair of previously-unknown "zero-day" bugs that bypassed the operating system's defensive technologies to execute attack code, allowing that code to escape from IE's "Protected Mode," the browser's limited-rights anti-exploit system. They managed to bypass the browser's DEP and ASLR protection with a 0-day heap overflow vulnerability, and then used a separate memory corruption bug to break out of its Protected Mode, which is effectively a sandbox. According to VUPEN founder Chaouki Bekrar, these particular flaws have existed in previous incarnations of the browser - all the way back to IE 6 - and will very likely work on the upcoming IE 10.

Then came the turn of Firefox. Mozilla’s Firefox is the latest browser to fall victim to hackers at this year’s Pwn2Own hacker contest. Two researchers working together, Willem Pinckaers and Vincenzo Iozzo, exploited a single zero-day vulnerability in the latest Firefox 10.0.2 on a fully patched Windows 7 SP1 PC to cart off a $30,000 cash prize.



Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

We have discussed Metasploit, one of the most famous and widely used exploitation frameworks, many times before. Rapid7 has now released another updated version. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads have been added.
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encyption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile
For additional information click Here. To download Metasploit version 4.2.0 for Windows & Linux click Here.

 -Source (rapid7)




Ubuntu 10.04.4 (Lucid Lynx) LTS Released By Canonical

Ubuntu lovers, I have very good news for you. Canonical and the Ubuntu developers have officially announced the availability of Ubuntu 10.04.4 LTS, the fourth maintenance update to Ubuntu's 10.04 LTS release. This release includes updated server, desktop, alternate installation CDs and DVDs for the i386 and amd64 architectures. In parallel, the Kubuntu team made Kubuntu 10.04.4 LTS available, which again includes updated images for the desktop and alternate installation CDs and DVDs for the i386 and amd64 architectures. The most notable change is that Firefox has been updated to Firefox 9 and will track Mozilla's rapid release updates. This is the last planned maintenance release for the 10.04 LTS series. Future security updates and bug fixes will be individually downloadable from the Ubuntu archive in the same way as before, but no further updates to installation media will be provided for 10.04 LTS. The next LTS release, 12.04 LTS, will be released in April 2012.

Earlier, in 2011, the Ubuntu team released both version 11.10, code named "Oneiric Ocelot", & 12.04 LTS, code named "Precise Pangolin". In the last month they made 12.04 LTS (Precise Pangolin) Alpha 2 available.

To Download the Desktop Edition of Ubuntu 10.04.4 LTS Click Here & For Server Edition Click Here


 


Metro Version Of Firefox Will Be Available on Windows 8

There is a lot of addition and subtraction going on with the upcoming Microsoft Windows 8 & Windows on ARM (WOA). Microsoft's browser rivals to publicly commit to a Metro edition. Microsoft has said it will ship both Metro and traditional desktop versions of Internet Explorer 10. Metro is Microsoft's label for the touch-enabled interface at the center of both Windows 8 and WOA. Windows 8 will run Metro and traditional 32- and 64-bit Windows applications, but WOA will run only those third-party apps designed for Metro. Not only IE but also Firefox will follow the same trend. Mozilla confirms that it will build a "proof-of-concept" version of Firefox for Windows 8's Metro touch-first interface next quarter, then follow that with more functional editions later in the year. Mozilla said:- "This proposal depends on Microsoft providing the same capabilities for Firefox as it does for IE -- running at the Medium level integrity process that allows us the full use of the Win32 API and what we need from Metro, or a set of APIs that allow Mozilla to port Gecko to the WinRT. For the purposes of this feature proposal, I'm assuming we'll get the first and we won't have to port the bulk of Gecko and instead will use the win32 dlls from within Metro."

Feature Overview:- 
  • Windows 8 contains two application environments, "Classic" and "Metro". Classic is very similar to the Windows 7 environment at this time, it requires a simple evolution of the current Firefox Windows product. Metro is an entirely new environment and requires a new Firefox front end and system integration points.
  • The feature goal here is a new Gecko based browser built for and integrated with the Metro environment.
  • Firefox on Metro, like all other Metro apps will be full screen, focused on touch interactions, and connected to the rest of the Metro environment through Windows 8 contracts.
  • Firefox on Metro will bring all of the Gecko capabilities to this new environment and the assumption is that we'll be able to run as a Medium integrity app so we can access all of the win32 Firefox Gecko libraries avoiding a port to the new WinRT API for the bulk of our code. (Though we will need to have a pan and zoom capability for content.)
  • We will need to determine if the Firefox front end on Metro will be built in XUL, C/C++, or HTML/CSS/JS (I'm assuming for now that .Net and XAML are off the table.)
  • Firefox on Metro is a full-screen App with an Appbar that contains common navigation controls (back, reload, etc.,) the Awesomebar, and some form of tabs.
  • Firefox will have to support three "snap" states -- full screen, ~1/6th screen and ~5/6th screen depending on how the user "docks" two full screen apps. Our UI will need to adjust to show the most relevant content for each size.
  • In order to provide users with access to other content, other apps, and to Firefox from other content and apps, we'll need integration with the share contract, the search contract, the settings contract, the app to app picking contract, the print contract, the play to contract, and possibly a couple more. We'll be a source for some, a target for some, and both for some.
  • We'll need to handle being suspended by the OS when out of view.
  • We may want to offer a live tile with user-centric data like friends presence or other Firefox Home information updates
  • Ideally we'd be able to create secondary tiles for Web-based apps hosted in Firefox's runtime.
For More Information Click Here


-Source (Mozilla & Computer World)





Mozilla Patches Security Hole In Firefox 10


Mozilla has released a security patch that closes eight security holes in Firefox 10. Of those eight vulnerabilities, six are rated critical, which is the company's highest threat rank, and two are considered "high". One of the vulnerabilities fixed in Firefox 10 exposed users to cross-site scripting (XSS) attacks because the browser failed to run a security scan on untrusted scripting objects, as stated by the company. The update also fixes other bugs that forced the browser to crash.
According to Mozilla's official website, "The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts." The company also claimed that Firefox 10 has a number of features important for developers. For users, however, there is one noticeable change: the browser's ability to automatically mark almost all add-ons as compatible with every upgrade.
To Download Firefox 10 Click Here


-Source (Mozilla)


Mozilla Released Firefox 9, JavaScript Performance Improved


Earlier we talked about Firefox 8, 8.0.1 and Firefox 9 Beta. Now Firefox, one of the world's most common and popular web browsers, has reached version 9.0. Based on the Gecko 9.0 rendering engine, Firefox 9.0 brings under-the-hood changes that improve JavaScript performance by up to 30%. Type inference, a new feature in this release, provides the browser's just-in-time (JIT) compiler with reliable information on variable types. This enables it to generate more efficient code, doing away with many of the runtime checks that were previously required because variables in JavaScript are dynamically typed. The algorithm developed by Mozilla's programmers is described in detail in Fast and Precise Hybrid Type Inference for JavaScript. It uses conventional static code analysis as its starting point, but adds in dynamic aspects using "type barriers", at which the JIT compiler checks a variable's current type and modifies the generated code where appropriate.
More details about this update, including a list of bug fixes, can be found in the release notes and on the Firefox 9 for developers page. 


To Download Firefox 9 Click Here



  


Opera 11.60 Codenamed "Tunny" Released & Major Security Holes Fixed


The final version of Opera 11.60, code named "Tunny", has been released by Opera Software. Opera 11.60 boasts three major new features: a revamped Address Bar, a new browser engine and a redesigned mail client. Opera, which runs on Windows, Mac and Linux, has long been regarded as a pioneer when it comes to the web browser -- it was the first to introduce tabbed browsing, for example, and is still the only major browser to also include a mail client.
The Address Bar has been revamped to provide an experience similar to rival browsers such as Google Chrome and Mozilla Firefox in providing helpful suggestions as the user starts typing into the Address field. Version 11.60 also introduces a new shortcut, courtesy of a clickable star, to the Address Bar that makes it quick and easy to add the current web page to your Speed Dial or bookmarks menu.
Opera 11.60's most visible new features are in the mail client's extensive redesign, which Opera claims brings it in line with the browser's "featherweight design aesthetic". The layout is cleaner, and messages are now grouped together by date, with options for grouping them by unread or pinned status, or not at all. Messages can also be pinned via a single click, with the pinning mapped to the IMAP \Flagged feature, ensuring compatibility with other IMAP clients, including Gmail's Starred message status. The Mail toolbars have been simplified, and redesigned icons coupled with easier access to the settings dialog (click the new Wrench button) provide weight to Opera's claim that this makes the client easier to navigate and more intuitive to use.
This release addresses a vulnerability affecting some two- and three-letter top-level domains (TLDs) that could allow cookies to be set for the TLD itself; these cookies could then be read by other sites using that TLD. A problem related to a weakness in the SSL v3.0 and TLS 1.0 specifications, which could be used for eavesdropping attacks against some applications, and a cross-domain information leakage problem in the JavaScript "in" operator have also been fixed.
In addition to the security fixes, Opera 11.60 has a new HTML engine that should, according to its developers, improve loading time for a majority of web sites, including pages using Secure Sockets Layer (SSL) encryption technology. Other changes include a completely revamped built-in mail client (M2) that is said to be easier to set up and use, and improvements to the address (URL) field to allow users to quickly add their favourite sites to the browser's Speed Dial.

To Download Opera 11.60 For Windows, Linux, Mac, BSD & Solaris Click Here



SeaMonkey 2.6 Beta 1 Released & Improved add-on Control



SeaMonkey 2.6 Beta 1 is now available for download on the SeaMonkey website. The SeaMonkey project is a community effort to develop the SeaMonkey all-in-one internet application suite (see below). Such a software suite was previously made popular by Netscape and Mozilla, and the SeaMonkey project continues to develop and deliver high-quality updates to this concept. Containing an Internet browser, an email and newsgroup client with an included web feed reader, an HTML editor, IRC chat and web development tools, SeaMonkey is sure to appeal to advanced users, web developers and corporate users.
Under the hood, SeaMonkey uses much of the same Mozilla source code which powers such successful siblings as Firefox, Thunderbird, Camino, Sunbird and Miro. Legal backing is provided by the Mozilla Foundation.

To Download SeaMonkey Click Here



Firefox 8.0.1 (Critical Bugs & Flaws Fixed)



Mozilla patched 13 bugs and updated 8 flaws in Firefox version 8. This is the first maintenance update of this version. According to the release notes, Firefox 8.0.1 is a minor release that addresses two crashing bugs, though there are 13 bugs listed as known issues that are "to be fixed in future versions".
One of the issues occurs when a Java Applet is loaded under Java SE 6 Update 29 (1.6.0_29) and affects Mac OS X systems, while the other is caused by versions of RoboForm older than 7.6.2 on Windows. Firefox 8.0.1 is available to download for Windows, Mac OS X and Linux from the project's site. Alternatively, existing users can upgrade to the new versions, either by waiting for the automated update notification or by manually checking.




Firefox 9 Beta For Both Desktop & Android Released


Just after the official release of Firefox 8, Mozilla has announced the availability of the beta channel version of Firefox 9 for both desktop and Android. The beta channel release for desktop brings new features and enhancements for the end user and adds new developer features. Most notable is the Type Inference (TI) engine in Firefox's TraceMonkey JavaScript engine. This allows the engine to generate type information about the scripts it is running, analysing the code and then reviewing the dynamic types as the scripts execute. The type information is then used during JIT compilation to generate more efficient code. As JavaScript is a dynamically typed language, the JIT compiler, not knowing the type of data, has had to generate slower code to allow for all possibilities. Type inference can determine, for example, whether only integers are needed in a loop and then generate machine code which uses only integers; this results in 20 to 30 per cent faster JavaScript performance.
Camera support has also been enabled so that HTML5 developers can use it as an input device. The HTML5 Form Validation API automatically validates form fields with numbers, email addresses and URLs without developers needing to write their own code.
Other new features include Mac OS X Lion support, which brings visual improvements as Firefox matches the Mac OS X application toolbar and style; it supports two-finger swipe navigation gestures and is said to be easier to use on multiple monitors. Support for detecting Do Not Track in JavaScript has been added to allow web sites which cannot read the Do Not Track header to detect that the user wants to opt out of behavioural tracking.

To download Firefox 9 Beta Click Here



Mozilla Firefox 8 Released With More Add-on Control Features


Mozilla announced today the official release of Firefox 8, a new version of the popular open source Web browser. The modest update introduces a few new features and brings a number of minor improvements to the browser’s underlying HTML renderer. From version 8, when Firefox launches and detects that a new third-party add-on has been installed, the add-on will be disabled by default until approved by the user. When users upgrade to Firefox 8, they will be presented with a one-time dialog for approving previously installed add-ons. Another noteworthy user-facing feature in Firefox 8 is stricter control over side-loaded add-ons. Mozilla is cracking down on third-party applications that install add-ons in Firefox without the user’s knowledge or permission. Such add-ons have caused serious problems for users in the past—like the notoriously buggy Skype toolbar which Mozilla had to remotely disable earlier this year when it caused 33,000 Firefox crashes in one week.


To Download Firefox 8 Click Here



Firefox with Bing By Microsoft & Mozilla



Mozilla has teamed with Microsoft to bring more Bing to Firefox. Mozilla and Bing are pleased to make available Firefox with Bing, a customized version of Firefox that sets Bing as the default search engine in the search box and AwesomeBar and makes Bing.com the default home page. (Existing Firefox users can also make these changes by installing the Bing Search for Firefox Add-on.)
Of course, any user of Firefox can go into the browser's settings and make those changes themselves if they want, and there is even a "Bing Search for Firefox" add-on that will do the same. But many users don't mess with their settings too much, which is why Google (the usual default for Firefox) is the most widely used search engine among Firefox users. Google competes with Bing on the search side and Google's Chrome browser competes with Firefox. Microsoft, of course, makes a Firefox rival in Internet Explorer. Mozilla, in a blog post, said that "nearly 20 customized versions of Firefox" are available from its partners, including Bing, Yahoo (which now uses Bing to power its search as well), Twitter and Yandex.

To Download Firefox with Bing Click Here

