Security researcher/hacker, Michal Zalewski has released a report on a security vulnerability affecting Firefox 126.96.36.199 and possibly earlier versions. The vulnerability could allow a malicious web site to impersonate an authentic one and set a cookie on its behalf. Zalewski recommends this workaround:
If you want to encrypt your sensitive files so that no one can access them without your personal password or decryption key, you have several options. But if you want a free, cross-platform, open source encryption application, try TrueCrypt.
Mark Dowd discovered that the netfilter iptables module did not correctly handle fragmented IPv6 packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules.
A security company has reported two new flaws in the Mozilla Firefox browser that may leave locally saved files vulnerable to outside attacks.
Linux distributor Debian issued a security advisory over the weekend, warning of several problems in Mozilla and associated products such as Mozilla Firefox.
Representatives of Microsoft Corp and the open source community will this week brief members of the UK's House of Lords as part of its ongoing inquiry into personal internet security.
This guide describes how you can automatically scan files uploaded by users through a web form on your server using PHP and ClamAV. That way you can make sure that your upload form will not be abused to distribute malware. To glue PHP and ClamAV, we install the package php5-clamavlib/php4-clamavlib which is rather undocumented at this time. That package is available for Debian Etch and Sid and also for Ubuntu Dapper Drake and Edgy Eft.
iDefense Lab security researchers discovered that the expressions computing the parameters for ALLOCATE_LOCAL() in those functions are using client-provided value in an expression that is subject to integer overflows, which could lead to memory corruption. All X.Org X server version implementing the X render and dbe extensions are vulnerable.
Opera Software may well be putting its browser users at risk by not properly disclosing security vulnerabilities to vulnerable users. At least that's the allegation made by Mozilla Corp.'s Asa Dotzler.