Mozilla security chief Window Snyder says the "jar:" protocol handler issue that currently haunts Firefox will be fixed very soon in the next refresh of the browser.The problem (see previous coverage) is that Firefox's "jar:" protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
The WabiSabiLabi vulnerability auction house is hyping the sale of a potentially nasty remote code execution flaw in ClamAV, the popular open-source anti-virus toolkit recently acquired by Sourcefire.
Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard.
Malicious hackers are using Skype to try to trick Windows users into buying a rogue anti-malware application. The lures arrive via Skype's instant messaging feature with a warning that malware has been detected on the machine and urging users to buy and run a fake "repair utility.
Apple today released a monster update to provide belated cover for at least 41 security holes in its flagship Mac operating system.
A survey by renowned database hacker David Litchfield has found a whopping 492,000 Microsoft SQL and Oracle database servers directly accessible to the Internet without firewall protection.
Microsoft has finally shipped a comprehensive fix for a critical URI handling vulnerability that exposes Windows users to drive-by malware attacks.
Guest Editorial by Gadi Evron "The Mac is going main-stream" is just one of the catch-phrases that we've seen in the past two weeks when reading about the Trojan horse infecting Apple Mac OS X users. This attack has created a lot of controversy in the security realm.
Microsoft has confirmed several "unexpected UI errors" in the WSUS (Windows Server Update Services) patch management tool could disrupt the distribution of today's Patch Tuesday software fixes.
Software engineers at Mozilla are working on a fix for another protocol handing issue affecting the company's flagship Firefox browser. Code execution attacks are possible under certain conditions.