ep's blog

Multiple vulnerabilities in Wireshark version 0.9.0 to 1.2.4

http://www.wireshark.org/security/wnpa-sec-2009-09.html

"It may be possible to make Wireshark crash remotely or by convincing
someone to read a malformed packet trace file."

There were three security bugs fixed in version 1.2.5 of Wireshark: SMB
and SMB2 dissectors, IPMI dissector and Daintree SNA file parser.

It is recommended that users upgrade their version of Wireshark to 1.2.5.

Mozilla patches critical, high-risk Firefox vulnerabilities

http://blogs.zdnet.com/security/?p=5137&tag=content;col1

"Mozilla has shipped Firefox 3.5.6 with patches for at least 11
documented security vulnerabilities."

It is recommended that you update your Firefox to the latest version to
fix these issues.

It should be noted, updating to 3.5.6 on my machine broke my Profile.
It could be related to an add-on that I have and may not affect you or
your users. To fix, I created a new profile from scratch.

VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues

http://seclists.org/fulldisclosure/2009/Dec/344

"1. Summary

VMware vCenter and ESX update releases address cross-site scripting
issues in the Help functionality of WebAccess. A vCenter Lab Manager
release addresses the same issues which are present in the online
Help functionality of Lab Manager and Stage Manager.

2. Relevant releases

7 Most hacked software of 2009

http://www.forbes.com/2009/12/10/adobe-hackers-microsoft-technology-cio-...

Forbes compiled a list of the seven Most-Hacked software titles for 2009.  They took a survey of security professionals from various companies including Verisign, TippingPoint, iDefense and Qualys.  Based on this survey, Forbes found that the following were the most hacked software titles from 2009.

Pages