Blogs

Drupal - SA-CONTRIB-2009-085 - Insert Node - Cross Site Scripting

http://drupal.org/node/617400

"Description

The Insert Node module provides an input filter that enables a node to
be inserted within the body field of another node.

The module fails to sanitize the inserted node, making it vulnerable to
a cross site scripting (XSS) attack.
Versions affected

* Insert Node module versions for Drupal 5.x prior to Insert Node
5.x-1.2

Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability

http://seclists.org/fulldisclosure/2009/Oct/338

"Remote exploitation of a buffer overflow in the Mozilla Foundation's
libpr0n image processing library allows attackers to execute arbitrary
code."

This has been fixed in the libpr0n libraries and pushed into Firefox
3.5.4. It is recommended that users upgrade to this version to avoid
exploitation.

If upgrade is not possible, users can disable automatically loading
images into their browser as a work around.

Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability

http://seclists.org/fulldisclosure/2009/Oct/338

"Remote exploitation of a buffer overflow in the Mozilla Foundation's
libpr0n image processing library allows attackers to execute arbitrary
code."

This has been fixed in the libpr0n libraries and pushed into Firefox
3.5.4. It is recommended that users upgrade to this version to avoid
exploitation.

If upgrade is not possible, users can disable automatically loading
images into their browser as a work around.

Drupal - SA-CONTRIB-2009-085 - Insert Node - Cross Site Scripting

http://drupal.org/node/617400

"Description

The Insert Node module provides an input filter that enables a node to
be inserted within the body field of another node.

The module fails to sanitize the inserted node, making it vulnerable to
a cross site scripting (XSS) attack.
Versions affected

* Insert Node module versions for Drupal 5.x prior to Insert Node
5.x-1.2

Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability

http://seclists.org/fulldisclosure/2009/Oct/338

"Remote exploitation of a buffer overflow in the Mozilla Foundation's
libpr0n image processing library allows attackers to execute arbitrary
code."

This has been fixed in the libpr0n libraries and pushed into Firefox
3.5.4. It is recommended that users upgrade to this version to avoid
exploitation.

If upgrade is not possible, users can disable automatically loading
images into their browser as a work around.

IE, Chrome, Safari duped by bogus PayPal SSL cert

http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_pu...

A specially crafted SSL certificate was created that included a null
character in the Subject dn. This certificate was able to fool Internet
Explorer, Chrome and Safari into thinking that they were connected to a
legitimate Paypal site, when in fact, they were not.

IE, Chrome, Safari duped by bogus PayPal SSL cert

http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_pu...

A specially crafted SSL certificate was created that included a null
character in the Subject dn. This certificate was able to fool Internet
Explorer, Chrome and Safari into thinking that they were connected to a
legitimate Paypal site, when in fact, they were not.

Pages