
Nov 21, 2007

Mozilla Launching Firefox 3.0 Beta 1


On Monday, Nov. 19, Mozilla Corp. released the first beta of Firefox 3.0, but continued to warn most users to stick with production version 2.0.

"We do not recommend that anyone other than developers and testers download the Firefox 3 Beta 1 milestone release. It is intended for testing purposes only," Mike Beltzner, Mozilla's interface designer, said in a note posted to the company's development center.

But while the official word was for users to stand clear, Beltzner's personal recommendation was a lot less intimidating. "It's a preview release, so use with caution and don't expect your add-ons to work without some magic; but between you and me, I've been running on this 'developer preview' for at least three months, and have never looked back," he said in a post to his own blog.

Beltzner also touted several of the improvements in Firefox 3.0, including new security features and tools, a redesign of bookmarking and browser history, and numerous back-end platform enhancements, but he said they all require more testing and user feedback. The company has posted a more complete list of new features in the release notes it added to its Web site Monday.


On the security side, Firefox 3.0 adds a malware check, a phishing filter-like feature that warns users attempting to reach a URL blacklisted for suspected malicious code hosting; one-click site information that displays site ownership; fixes for vulnerabilities in plug-in updating; and integration with antivirus software and Windows Vista's parental control settings.

Mozilla also claimed that it has fixed more than 300 individual memory leaks and added a new cycle collector to eliminate other memory issues. Firefox has a reputation for leaking memory -- consuming larger quantities the longer it's left running, and ultimately slowing down its host computer -- although some of its developers have contested the claims, and even pegged the problem as one of perception.

Most current Firefox plug-ins -- Mozilla calls them extensions -- will not work with Firefox 3.0, a stumbling block for some who might otherwise want to test the preview. "Users of the latest released version of Firefox should not expect their add-ons to work properly with this beta," the beta's release notes read.

Firefox 3.0 Beta 1 can be downloaded for Windows, Mac OS X and Linux in 21 language versions from Mozilla's site.


Nov 2, 2007

Novell BorderManager Client Trust Buffer Overflow Vulnerability

On 2007-11-01, Secunia.com published an advisory on its website: a vulnerability has been reported in Novell BorderManager, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by the Client Trust application incorrectly processing validation requests sent to the UDP port on which clntrust.exe is listening (by default 3024). This can be exploited to cause a heap-based buffer overflow by sending a specially crafted validation request containing a Novell tree name without a backslash or zero wide character.
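A bounds-checked way to parse a field of the kind described above, as an added example that is neither Novell's code nor part of the advisory. The payload layout (a bare UTF-16LE tree name at the start of the datagram), the function name `extract_tree_name` and the capacity `TREE_NAME_MAX` are assumptions for illustration; the point is that a scan for a terminator must be limited by both the received length and the destination size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TREE_NAME_MAX 32  /* assumed destination capacity in UTF-16 code units, terminator included */

/*
 * Copy a UTF-16LE tree name out of an untrusted datagram payload.
 * The name ends at the first backslash (0x005C) or zero (0x0000) code unit.
 * Returns the number of code units copied (terminator excluded), or -1 when
 * the payload holds no terminator or the name does not fit in `out`.
 * An unbounded "copy until terminator" loop would instead keep writing past
 * the heap buffer whenever the sender omits both terminators.
 */
long extract_tree_name(const uint8_t *payload, size_t payload_len,
                       uint16_t *out, size_t out_cap)
{
    if (payload == NULL || out == NULL || out_cap == 0)
        return -1;

    size_t units = payload_len / 2;          /* a trailing odd byte is ignored */
    for (size_t i = 0; i < units; i++) {
        uint16_t cu = (uint16_t)(payload[2 * i] | ((uint16_t)payload[2 * i + 1] << 8));
        if (cu == 0x005C || cu == 0x0000) {
            out[i] = 0;                      /* i < out_cap holds: see check below */
            return (long)i;
        }
        if (i + 1 >= out_cap)                /* no room for this unit plus terminator */
            return -1;
        out[i] = cu;
    }
    return -1;                               /* reached end of datagram: reject */
}

int main(void)
{
    /* Constructed sample payloads (UTF-16LE), not captured traffic. */
    const uint8_t good[] = {'T', 0, 'R', 0, 'E', 0, 'E', 0, '\\', 0};
    const uint8_t bad[]  = {'T', 0, 'R', 0, 'E', 0, 'E', 0};   /* no terminator */
    uint16_t name[TREE_NAME_MAX];

    printf("good: %ld\n", extract_tree_name(good, sizeof good, name, TREE_NAME_MAX));
    printf("bad:  %ld\n", extract_tree_name(bad, sizeof bad, name, TREE_NAME_MAX));
    return 0;
}
```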

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in Novell BorderManager 3.8. Prior versions may also be affected.

Solution: Download the patch from the vendor
(http://download.novell.com/Download?buildid=AuOWp2Xsvmc~)


6 Related Secunia Security Advisories

1. Novell BorderManager Unicode Encoding Detection Bypass
2. Novell BorderManager ISAKMP Predictable Cookie Security Issue
3. Novell BorderManager VPN Denial of Service Vulnerability
4. Novell BorderManager Proxy Potential Denial of Service
5. Novell Bordermanager VPN Service Unspecified Denial of Service
6. Novell BorderManager 3.7 SP2 fixes multiple issues

Other advisories released on 2007-11-01 by Secunia.com

- Apache Geronimo SQLLoginModule Non-existing User Authentication Security Bypass
- Apache Geronimo WebDAV Arbitrary File Content Disclosure
- IBM WebSphere Application Server Community Edition SQLLoginModule Security Bypass
- Macrovision Products Update Service ActiveX Control Insecure Methods
- rPath update for cups
- IBM Tivoli Continuous Data Protection for Files Insecure Permissions
- ISPworker Two Directory Traversal Vulnerabilities
- Novell BorderManager Client Trust Buffer Overflow Vulnerability
- Blue Coat ProxySG SGOS Cross-Site Scripting Vulnerability
- WebSphere Application Server Community Edition WebDAV Content Disclosure
- SUSE update for cups
- CONTENTCustomizer "dialog.php" Information Disclosure
- SUSE Update for Multiple Packages
- Red Hat update for kernel
- WORK system e-commerce Multiple Unspecified Ajax Vulnerabilities