
Posts Tagged ‘high severity’

Wednesday, May 15, 2013 @ 03:05 PM gHale

With the release of Firefox 21, Mozilla closed a Maintenance Service vulnerability that could lead to privilege escalation, along with three critical holes.

Officials also closed off flaws in the ESR release of Firefox 17.0.6 and in Thunderbird 17.0.6 and its ESR release, although only one is exploitable on the Mozilla email client. Users should upgrade as soon as possible.

Although only rated as high severity, two of the flaws center around the Mozilla Maintenance Service. One is a new local privilege escalation hole which would allow an attacker with access to the local file system to get system privileges through the Maintenance Service. Mozilla said this flaw is not exploitable from the web. The other is a failure to update registry entries when updating, which left the browser exposed to previous privilege escalation holes in the Maintenance Service on systems where Firefox version 12 had previously been installed.

Rated as critical is a collection of six out-of-bounds, invalid write, or heap use-after-free memory corruption problems discovered by a member of the Google Chrome Security team. Some of the problems were potentially exploitable and allowed for remote code execution. Also rated as critical, but not exploitable in Thunderbird because scripting is disabled, are a use-after-free after resizing a playing video and another collection of memory safety issues.

There are also fixes at a high severity for DOM SVG Zoom events and an XSS-related access vulnerability. Finally, there was a moderate-rated problem where information about paths could leak. Again, most of these issues affect Thunderbird but some may not be exploitable because of disabled scripting.

Updates to Firefox 21 and Thunderbird 17.0.6 should go through the automatic update system in each application; if users have disabled updates, the new versions are on the Firefox and Thunderbird download pages. Firefox 17.0.6 ESR and Thunderbird 17.0.6 ESR are also available for download, though users should remember these versions are for larger organizations.

Friday, February 22, 2013 @ 02:02 PM gHale

Google fixed nine high-severity vulnerabilities in its Chrome browser, as well as a dozen other flaws with the release of Chrome 25.

In Chrome 25 Google also disabled the MathML implementation in the browser, fixing what it said is a serious security problem.

“We’ve also resolved a high severity security issue by disabling MathML in this release. The WebKit MathML implementation isn’t quite ready for prime time yet but we are excited to enable it again in a future release once the security issues have been addressed,” said Jason Kersey of Google.

In addition to that fix and the patches for nine high-risk security bugs, Google also repaired 12 other vulnerabilities. The full list of vulnerabilities fixed in Chrome 25:
• High CVE-2013-0879: Memory corruption with web audio node.
• High CVE-2013-0880: Use-after-free in database handling.
• Medium CVE-2013-0881: Bad read in Matroska handling.
• High CVE-2013-0882: Bad memory access with excessive SVG parameters.
• Medium CVE-2013-0883: Bad read in Skia.
• Low CVE-2013-0884: Inappropriate load of NaCl.
• Medium CVE-2013-0885: Too many API permissions granted to web store.
• Medium CVE-2013-0886: Incorrect NaCl signal handling. (Mac only).
• Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
• Medium CVE-2013-0888: Out-of-bounds read in Skia.
• Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
• High CVE-2013-0890: Memory safety issues across the IPC layer.
• High CVE-2013-0891: Integer overflow in blob handling.
• Medium CVE-2013-0892: Lower severity issues across the IPC layer.
• Medium CVE-2013-0893: Race condition in media handling.
• High CVE-2013-0894: Buffer overflow in vorbis decoding.
• High CVE-2013-0895: Incorrect path handling in file copying (Linux/Mac).
• High CVE-2013-0896: Memory management issues in plug-in message handling.
• Low CVE-2013-0897: Off-by-one read in PDF.
• High CVE-2013-0898: Use-after-free in URL handling.
• Low CVE-2013-0899: Integer overflow in Opus handling.
• Medium CVE-2013-0900: Race condition in ICU.

Monday, January 28, 2013 @ 01:01 PM gHale

Google released Chrome 24.0.1312.56 to the stable update channel of the open source browser, which closes five security holes, three of which are high severity, and fixes problems with mouse wheel scrolling.

Atte Kettunen of the Oulu University Secure Programming Group in Finland received $1000 for the discovery of a high severity use-after-free vulnerability in the font handling of the HTML5 canvas.

Ted Nakamura of the Chromium development community found a Mac OS X-only crash problem with unsupported RTC sampling rates, also rated with a high severity.

The last of the high-severity-rated holes, an unchecked array in Chrome’s content blocking, was fixed by the Chrome Security Team. In addition, two medium severity issues were also fixed.

The mouse wheel scrolling problem fixed in this update concerned situations where the browser would scroll one pixel per mouse wheel interaction when it was actually set to scroll one screen at a time. Install problems for multiple user setups under Windows when Chrome was installed with administrator privileges were also fixed.

Chrome 24.0.1312.56 is available for Windows, Mac OS X and Linux, and as the Chrome Frame plugin for Microsoft’s Internet Explorer browser.

All versions of Chrome should update themselves automatically; on some mobile platforms the user will be prompted to perform the update. Chrome uses the open source Chromium browser project run by Google.

Wednesday, November 21, 2012 @ 09:11 AM gHale

The 12.11 release of Opera’s web browser addresses a high-severity security vulnerability that could allow a remote attacker to execute arbitrary code on a victim’s system.

The problem in previous versions of the browser was caused by an error when handling HTTP responses that led to a heap-based buffer overflow, the company said.

For an attack to be successful, a victim must first visit a maliciously crafted site.

The update also closes a low-severity security hole that could be used to detect what files a user has on their machine.

Non-security-related changes include fixes for several issues related to the SPDY networking protocol, a problem that prevented Google’s Gmail email service from loading, and a crashing bug under Mac OS X. Opera advises all users to upgrade to the latest version.

Opera 12.11 is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris from the company’s site.

Friday, November 9, 2012 @ 09:11 AM gHale

In addition to closing several security holes, the latest stable release of Google’s Chrome web browser promises to improve battery life for some users and includes support for the Do Not Track (DNT) header.

Version 23 of Chrome addresses 15 security vulnerabilities in the browser, 6 of which officials rate as “high severity.”

These vulnerabilities include high-risk use-after-free problems in video layout and in SVG filter handling, an integer bounds check issue in GPU command buffers and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers has also been fixed. Eight medium-severity flaws, including an integer overflow that could lead to an out-of-bounds read in WebP handling, and a low-risk flaw were also fixed.

As a part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $9,000 for discovering and reporting these flaws. The update to Chrome also includes a new version of the Adobe Flash Player plugin which eliminates a series of critical vulnerabilities, all of which the Google Security Team discovered.

Meanwhile, among other enhancements, version 23 of the WebKit-based browser significantly reduces power consumption on systems with dedicated graphics chips that support Chrome’s GPU-accelerated video decoding. Google said batteries lasted on average 25% longer in its tests when they enabled GPU-accelerated video decoding compared to only using a system’s CPU when streaming online videos.

The update also makes it easier for users to view and control permissions for web sites. By clicking on the page/lock icon next to a site’s address, users can modify such permissions as geolocation, popups, camera and microphone access, and JavaScript.

The new version is the first stable release to include support for the Do Not Track privacy setting. Originally proposed by Mozilla, DNT is a developing standard that tells web sites the browser user wishes to opt-out of online behavioral tracking. Do Not Track is not turned on by default in Chrome 23; users can enable DNT by selecting Settings, Show advanced settings and checking the box next to “Send a ‘Do Not Track’ request with your browsing traffic.”

Thursday, September 27, 2012 @ 04:09 PM gHale

Although there are only a few enhancements in the latest Chrome release, version 22, there are also more than 40 security holes closed.

Chrome 22 closes more than 40 security holes, of which the company rates one as critical and 19 as “high severity.”

Google sometimes pays out special rewards for bugs found outside of Chrome: In this case, the company rewarded Eetu Luodemaa and Joni Vähämäki from Finnish software firm Documill for a critical Windows kernel memory corruption vulnerability with $5,000. Well-known security expert Sergey Glazunov, who won this year’s Pwnie Award for the Best Client-Side Bug, received $15,000 in total for two UXSS vulnerabilities in frame handling and V8 JavaScript bindings.

Other problems corrected include use-after-free issues in onclick handling and SVG text references, out-of-bounds writes in the Skia graphics library, a buffer overflow in SSE2 optimizations, an integer overflow in WebGL on Mac systems, and 18 separate issues in the PDF viewer.

In all, Google paid out a record $29,500 to security researchers for discovering and reporting these holes as part of its Chromium Security Vulnerability Rewards program; the previous record was $26,511 for holes closed in Chrome 15 from October last year.

As is usual with these fixes, further details about the underlying security holes are not available to give users time to update to the new version. The developers also note the Beta channel updated to version 22.0.1229.79; Chrome 23, which is currently in the Dev channel, should go to Beta status in the coming weeks.

Among the non-security changes are further enhancements to Chrome’s support for the Windows 8 operating system, and better support for HiDPI screens such as Apple’s MacBook Pro Retina display.

For developers, Chrome 22 introduced support for the Pointer Lock API. Sometimes referred to as Mouse Lock, this API enables developers to create web applications that better control how to use the mouse and how it interacts with the browser itself. This can be especially useful for web-based 3D games such as first-person shooters to prevent the mouse from moving outside of the current window or hitting the edge of the screen when controlling the perspective.

Further information about the release, including a full list of security fixes, is in a post on the Google Chrome Releases blog. Users can download Chrome 22.0.1229.79 for Windows, Mac OS X and Linux, while existing users can upgrade using the built-in update function. Chrome comes from Chromium, the open source browser project run by Google.

Friday, July 13, 2012 @ 03:07 PM gHale

There is a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser, Google officials said.

While it may not seem like a lot, version 20.0.1132.57 of Chrome addresses three vulnerabilities, and the company rates them all in the “high severity” category.

These include two use-after-free errors in counter handling and in layout height tracking discovered by a security researcher by the name of “miaubiz.”

As part of its Chromium Security Vulnerability Rewards program, Google paid the researcher, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting each of the holes.

The company also fixed a third high-risk problem related to object access with JavaScript in PDFs. As usual, the company withheld further details about the vulnerabilities until “a majority of users are up-to-date with the fix.” Other changes include stability improvements, and updates to the V8 JavaScript engine and the built-in Flash player plug-in.

Google also updated the Stable Channel of its ChromeOS operating system, currently available only on Samsung and Acer’s Chromebook notebooks, to version 20, just over two weeks after Google released the Chrome 20 browser June 26. ChromeOS 20.0.1322.54, based on the open source Chromium OS project, includes the security and stability improvements from Chrome, while also adding support for Google Drive, using Google Docs offline and other enhancements.

Chrome 20.0.1132.57 is available to download for Windows, Mac OS X and Linux; existing users can upgrade via the built-in update function. Chrome comes from Chromium, the open source browser project run by Google.

Wednesday, May 2, 2012 @ 11:05 AM gHale

Google released a new update to the stable 18.x branch of its Chrome web browser to close security holes in the application.

The update, labeled 18.0.1025.168, addresses five vulnerabilities, three of which fall into the “high severity” category.

These include use-after-free problems in floating point handling and the XML parser. The AddressSanitizer detected all of these bugs.

As part of its Chromium Security Vulnerability Rewards program, Google paid a security researcher by the name of “miaubiz”, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting one of the float handling problems. The company also fixed two medium risk problems related to IPC validation and a race condition in sandbox IPC.

Further information about the update is in the announcement post on the Google Chrome Releases blog. Chrome 18.0.1025.168 is available to download for Windows, Mac OS X and Linux; existing users can upgrade using the built-in update function.

Friday, March 30, 2012 @ 04:03 PM gHale

In a move to close security holes, Google released version 18 of Chrome, the company’s own extended version of the open source Chromium web browser.

The new Stable channel release, labeled 18.0.1025.142, fixes security vulnerabilities, and improves graphics and drawing performance on systems with capable hardware.

The performance improvement comes from added support for GPU-accelerated rendering of 2D Canvas content on Windows and Mac OS X systems. The GPU acceleration should improve the overall performance of graphics-intensive web applications, making canvas-based animations and games “run faster and feel smoother,” according to the developers.

For older systems that can’t make use of the GPU, Chrome can now display 3D content using the SwiftShader software rasteriser, which Google licensed from TransGaming, Inc. However, the developers note “a software-backed WebGL implementation is never going to perform as well as one running on a real GPU, but now more users will have access to basic 3D content on the web.”

Additionally, this new version closes nine security holes, of which three are “High severity.” These include high-risk use-after-free errors in SVG clipping, an off-by-one problem in OpenType Sanitizer and memory corruption bugs in Skia. Other closed holes include five medium-severity problems such as out-of-bounds reads in SVG text and text fragment handling, a cross-site scripting (XSS) bug, a SPDY proxy certificate checking error and an invalid read in the V8 JavaScript engine.

Google also closed off a low-severity bug used by a hacker going by the name of “Pinkie Pie” during the Pwn2Own competition at CanSecWest. Google’s Karen Grunberg said some of these “represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.”

As part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $4,000 for discovering and reporting the holes – $8,000 in additional rewards went for security bugs reported to the company during the development cycle of Chrome 18. The company withheld details about the vulnerabilities until “a majority of users are up-to-date with the fix.”

Thursday, March 29, 2012 @ 12:03 PM gHale

Opera released version 11.62 of its web browser which fixes bugs, improves overall stability, and closes seven security holes, five of which affect all supported platforms.

Two of the vulnerabilities rate as “high” severity and an attacker could exploit them to download and execute a malicious file. This occurs by tricking a victim into clicking a hidden dialogue box or into entering a specific keyboard sequence.

Three other fixed problems, rated as “low” severity, include an address spoofing bug, an address bar problem and a cross-domain information disclosure bug. Officials also fixed a moderate vulnerability affecting Opera for Mac and a low risk bug on Linux/Unix.

Non-security related bugs fixed include problems with the WebM decoder that caused it to freeze and a bug when scrolling the Facebook chat window. The browser now supports a full refresh with Ctrl+F5 and Shift+F5, ignoring the cache. The email client also now remembers the last selected email.

Further information about this update, including a full list of bug fixes, can be found in the Windows, Mac and Unix change logs. Opera 11.62 is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris.
