
Mozilla, Skype Issue Updates

It seems as though every maker of desktop software applications is issuing updates to its products this week. Skype, the popular voice-over-Internet telephone service and software, has a new version that squashes a security bug. Meanwhile, Mozilla is pushing out an update to its Firefox Web browser that plugs at least 10 vulnerabilities.

The Skype flaw, discovered by researcher Aviv Raff, stems from the fact that Skype uses Internet Explorer's Web control to render internal and external HTML pages.

Raff writes on his blog: "Examples for these pages are the 'Send money via PayPal' dialog, or 'Add video to chat' dialog. Recently, I've discovered that Skype is running this web control in Local Zone."

Raff continues: "The more problematic issue here is that Skype runs the HTML pages in a not-locked Local Zone mode, the same as AOL's AIM does in the chat message window. This means, that if it is possible to inject a script to any of those pages, it is possible to execute code on the user's machine." Raff has a short video clip example on his blog that shows a Web site using this Skype flaw to launch the built-in calculator function in Windows. (In an attack scenario, the bad guys would almost certainly launch something more useful, such as a command prompt that opens an Internet connection back to the attacker's system.)

Skype users can download the latest version (3.6.*.248) for Windows, Mac and Linux systems at the links provided here.

The Mozilla update brings Firefox to version 2.0.0.12. A list of the changes is available here. Firefox is designed to download updates when they are available and automatically install them. If you haven't seen a pop-up from Firefox saying that a new version has been installed, be patient. The Firefox installation on my home PC only just, last night, alerted me that it had been updated.

Finally, Microsoft said Thursday that it plans to release at least a dozen patch bundles next Tuesday as part of its monthly "Patch Tuesday" cycle, with fixes planned for Windows, Microsoft Office, Internet Explorer and Microsoft Internet Information Server (IIS). More than half of the patches will carry a "critical" rating, Redmond's most dire. As usual, Security Fix will have more details on the patches shortly after they are released next week.

By Brian Krebs |  February 8, 2008; 11:02 AM ET New Patches

Comments




Rough 24 hours for Windows users - 81.01% affected
> http://secunia.com/blog/20
7 February 2008

...add to that the Firefox update and the M$ "Dirty Dozen" for Tuesday...

'Anything productive going to get done, as in "work"?

.

Posted by: J. Warren | February 8, 2008 12:29 PM

I don't like how the latest version of Firefox doesn't let you highlight an address in the address bar with one click anymore.

I copy and paste a lot of web addresses into discussion forums, and now I have to manually paint the address with my mouse, then right-click and choose "Copy." I used to be able to do this with a simple point-and-click.

If anyone knows of a workaround for this, I'm all ears.

Posted by: Heron | February 8, 2008 9:57 PM

Nix the previous comment. I guess my computer was just acting up, because when I closed Firefox then brought it back up, right-click copying in the location bar resumed working.

Posted by: Heron | February 8, 2008 10:12 PM

Dear Mr. Krebs:

You report that Firefox is
"designed to download updates when they are available and automatically install them."
Wouldn't this cause problems if the user is running in a non-administrative account?

Tom

Posted by: Thomas L Jones, PhD | February 9, 2008 2:36 PM

Alas, when I installed the latest version of Skype on my Windows XP and Windows Vista boots, I encountered difficulties. In the former case, sound from my headpiece microphone, which formerly came through loud and clear, was barely audible; in the latter it could not be heard at all. I tried re-installing the earlier 3.6.0.244 version, but, somewhat to my surprise, this didn't help. What's going on?...

Henri

Posted by: M Henri Day | February 9, 2008 5:31 PM

@Tom: Wouldn't this cause problems if the user is running in a non-administrative account?

This is a potential problem, depending on how, and to which location in the filesystem, Firefox is installed. This is from the release notes for version 2.0.0.12:
http://www.mozilla.com/en-US/firefox/2.0.0.12/releasenotes/

"Software Update will not work if Firefox is installed to a location on your disk to which you do not have write access, since Software Update needs to replace or create files in this location."

(A similar note has been in the notes for all recent releases.)

Installing software is one of the legitimate reasons for using an administrator account.

Posted by: Rich Gibbs | February 9, 2008 7:00 PM

The latest version of Firefox still has the option of "ask me what to do" when updates are found rather than automatically downloading and installing them. When it notifies you of an update, switch to your admin account and then update.
Tools>Options>Advanced>Update is the location for the "ask me what to do" option.

Posted by: A | February 10, 2008 7:45 PM

Claes from Stockholm, Sweden here :) I have updated to Firefox 2.0.0.12 on three out of five computers. The Firefox on the updated computers tends to freeze from time to time. Looking forward to a more stable version.

Best regards Claes

Posted by: Claes | February 20, 2008 1:30 PM

Regarding your article on A2 finding Ultimate Security on a routine scan. I have had A2 for some time now & it has never found this, until today after I'd downloaded Comodo's Firewall. I assume this is part of the package as it scans your computer before installing itself.

Posted by: Eric Sheldon | February 23, 2008 10:25 AM


©  The Washington Post Company