ep's blog

Multiple Firefox vulnerabilities could lead to system compromise

http://www.mozilla.com/en-US/firefox/ - Multiple vulnerabilities were found in version and which could lead to many different types of information disclosure, cross site scripting and possibly even system compromise. It is recommended to update to v2.0.0.14 at the next outage window. It is also noted that v1.5.x of Firefox has not been supported for almost a year and upgrading to 2.0 is highly recommended.

Xpdf Multiple Remote Vulnerabilities (through coercion)

http://www.securityfocus.com/bid/26367/info - Xpdf is vulnerable to arbitrary code execution in the context of the xpdf process. This exploit requires convincing the victim to open a malicious pdf file. Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected. A patch is available which fixes this hole (ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch). It is recommended to update xpdf when the vendor releases a new version.

Multiple vulnerabilities patched in Thunderbird

http://secunia.com/advisories/29133/ - Multiple vulnerabilities were fixed in Thunderbird. These include heap overflows, information disclosure, directory traversal, privilege escalation and memory corruption crashes. These problems are fixed in version It is worth mentioning that Thunderbird 1.5 is no longer supported. Mozilla has warned that these issues remain in Thunderbird 1.5.14 and are not scheduled to be fixed. It is recommended that all Thunderbird users upgrade to

Multiple Vulnerabilities in Horde v3.1.5

http://secunia.com/advisories/28382/ - http://secunia.com/advisories/28020/ - Multiple vulnerabilities in Horde v3.1.5 (and before) allow for security restriction bypass (by an authenticated user) and allow for iframe injection in HTML email which could be used to delete the users mail (from any external person). It is highly recommended to upgrade to v3.1.6.

Security update available for Adobe Reader and Acrobat 8 fixes vulnerability

http://www.adobe.com/support/security/advisories/apsa08-01.html - An error in the printSepsWithParams() function within the Adobe Reader and Acrobat 8.1.1 program could lead to arbitrary code execution. In order to be compromised, a user must open a malicious PDF file. It is recommended to upgrade to Adobe Reader/Acrobat 8.1.2.