
Security researchers are sounding the alarm for an unpatched, remote code execution flaw in the Opera Web browser.
The vulnerability, rated “highly critical” by Secunia, can be exploited by malicious people to take complete control of a user’s system.
From Secunia’s advisory:
The vulnerability is caused due to an error when processing HTTP responses having a malformed “Content-Length” header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit “Content-Length” value, having the higher 32-bit part negative.
The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected.
In the absence of a patch, Opera users are urged to avoid browsing to untrusted Web sites or switch to an alternative browser.
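The advisory does not show Opera's parsing code. As an added illustration (not Opera's or Secunia's code), the following C sketch shows a strict "Content-Length" parser that a client could use before sizing a buffer, plus a helper that shows why a 64-bit value handled as signed 32-bit halves can read as negative. The names `parse_content_length`, `split_halves` and the `MAX_BODY_BYTES` cap are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical cap on accepted body size for this example (16 MiB).
 * It is far below SIZE_MAX on 32-bit and 64-bit targets, so the final
 * narrowing to size_t cannot truncate. */
#define MAX_BODY_BYTES ((uint64_t)16 * 1024 * 1024)

/* Parse a Content-Length value strictly.
 * Returns 0 and stores the length in *out on success, -1 on rejection.
 * Rejects: empty input, sign characters, any non-digit, values that
 * overflow 64 bits, and values above MAX_BODY_BYTES. */
int parse_content_length(const char *s, size_t *out)
{
    uint64_t v = 0;

    if (s == NULL || *s == '\0')
        return -1;
    for (; *s != '\0'; s++) {
        if (*s < '0' || *s > '9')
            return -1;                  /* no '+', '-', spaces or hex */
        uint64_t d = (uint64_t)(*s - '0');
        if (v > (UINT64_MAX - d) / 10)
            return -1;                  /* v * 10 + d would overflow */
        v = v * 10 + d;
    }
    if (v > MAX_BODY_BYTES)
        return -1;                      /* refuse oversized bodies */
    *out = (size_t)v;
    return 0;
}

/* Illustration only: the high and low 32-bit halves of a 64-bit value,
 * each reinterpreted as a signed 32-bit integer. Any value with bit 63
 * set yields a negative high half. */
void split_halves(uint64_t v, int32_t *hi, int32_t *lo)
{
    *hi = (int32_t)(uint32_t)(v >> 32);
    *lo = (int32_t)(uint32_t)(v & 0xFFFFFFFFu);
}
```

Validating the full 64-bit value against a cap before any narrowing or allocation means a length such as 18446744069414584320 (constructed sample, high half all ones) is rejected instead of being used in size arithmetic.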
Google has filed at least four patent applications for technology it is building into its Chrome browser to try to make the web a more powerful foundation for applications.
Three patent applications concern Google’s Native Client, a technology for letting downloaded software modules run directly on a processor rather than more slowly through on-the-fly decoding as with the commonly used JavaScript. The fourth patent application involves O3D, a technology to let browser applications take advantage of 3D acceleration of graphics hardware.
Ultimately, Google hopes to standardize the technology so all browsers can use it, though it is not waiting for a standard. “Native Client so far is outside any standards process. We’re in discussions with other browser vendors on how to move that forward. We’d like to see all these things standardized,” said Linus Upson, engineering director for the Chrome browser and Chrome OS, in an interview in December.

Microsoft today shipped six bulletins with patches for a total of 12 documented security vulnerabilities in a wide range of widely deployed software products. Three of the six bulletins are rated “critical,” Microsoft’s highest severity rating.
The most serious issues affect the company’s Internet Explorer browser, including the newest IE 8 on Windows 7. The Internet Explorer bulletin (MS09-072) covers five documented vulnerabilities that affect all supported versions of the browser (IE 5, 6, 7 and 8). As previously reported, there is public exploit code available for one of the IE vulnerabilities.
Mozilla released Firefox 3.5.4 on Tuesday to patch six critical security holes and some other problems.
The new browser version also improves stability and fixes a problem with clearing browser history, according to the release notes. Mozilla updated the corresponding version of its earlier browser to fix some of the same security problems by issuing Firefox 3.0.14.
The six vulnerabilities potentially could let remote attackers take over the computer by running their own software on the machine. For details, check the Firefox security site.
Meanwhile, Mozilla is on the brink of releasing the first beta of Firefox 3.6, a version that will add the Personas feature for a customizable look. Mozilla, trying to move to a faster Firefox release cycle, is debating whether to issue 3.6 as a minor release that arrives automatically or a major release that people must actively download.
Some new fruits of Mozilla’s effort to speed Firefox development are about to arrive.
Mozilla plans to release the first beta version of 3.6 this weekend or early next week. But what exactly is coming in the new version and its successors?
Mike Shaver, Mozilla’s vice president of product development, and John Lilly, Mozilla’s chief executive, detailed some of the browser’s future in an interview at the corporation’s headquarters here. And the company has an aggressive schedule, with three releases due within about a year.
The present version of Firefox was to have been called 3.1, but with significant new features, it became Firefox 3.5–and arrived later than 3.1 had been planned. Version 3.6 is slated for release in final form this year, with 3.7 in the first half of next year and 4.0 about a year from now, Lilly said.
