Following the Mozilla Firefox browser update yesterday, Opera has released an update due to a vulnerability in BitTorrent header parsing which can be exploited by malicious people to compromise a user’s system. The vulnerability description from Secunia:

“The vulnerability is caused due to Opera using already freed memory when parsing BitTorrent headers and can lead to an invalid object pointer being dereferenced. This can be exploited to execute arbitrary code, when the user is tricked into clicking on a specially crafted BitTorrent file and then removes it via a right-click from the download pane.”

Update to Opera 9.x.

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

Last week, a highly critical risk was reported, with proof of concept, involving registering a “firefoxurl://” URI (uniform resource identifier) handler on a computer with both IE and Firefox 2.0 (or later). This was described by Mozillazine as follows:

“When installed on Windows, Firefox registers a URL protocol handler to handle firefoxurl:// URLs (this works much like a http:// or ftp:// URL protocol handler). If an IE user visits a webpage that tries to call a firefoxurl:// URL (for example, using an iframe), IE will launch Firefox with no further prompting, passing it the URL. Neither IE nor Firefox escape or sanitise the URL, which allows an attacker to inject additional parameters into the command line used to invoke Firefox. Used in combination with the -chrome parameter, the attacker can make Firefox execute dangerous JavaScript code.”

If you read the above-referenced Mozillazine article, note the finger pointing as to whether the problem is caused by IE for passing untrusted data to another application or by Firefox for not validating input properly. Regardless of where the problem resides, Mozilla reacted quickly and included the fix in Firefox 2.0.0.5.

Note: By default, Firefox automatically checks for updates. If you have changed that setting, go to Menu > Help > Check for updates.

Included in Firefox 2.0.0.5:

• MFSA 2007-25 XPCNativeWrapper pollution
• MFSA 2007-24 Unauthorized access to wyciwyg:// documents
• MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
• MFSA 2007-22 File type confusion due to %00 in name
• MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
• MFSA 2007-20 Frame spoofing while window is loading
• MFSA 2007-19 XSS using addEventListener and setTimeout
• MFSA 2007-18 Crashes with evidence of memory corruption

References:

• Firefox Download Page
• Release Notes

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

Going around as spam. I’ve had about five of them and SunBelt got them too. This is obviously a fake and never came from admin AT microsoft DOT com.

(Click to Enlarge)

You can see the source code here (pdf format). And the image isn’t as you have guessed hosted at microsoft. Once you click on the image you get a trojan. See the VirusTotal results here. So if this one comes into your inbox or junk box, delete!

If you have been affected by this or wish to discus it in more detail, visit our forum here.

Mozilla updated both supported versions of Firefox to 2.0.0.3 and 1.5.0.11, respectively, with a security and stability update. See Security Advisory 2007-11.

It is strongly recommended by Mozilla that the update be installed as soon as possible. If you have turned off the update notification, you can manually “check for updates” from the Help menu.

Note: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2.

Discuss any problems or questions about the update in the forum topic here.

Update time again for Firefox users. They have released version 2.0.0.2 to which I got a suprise. Java version 6 came up as a none compatible add-on! (checked and seems to be working fine!)

What the new things are in this version:

• Security Update: The following list of security issues have been fixed.
• Windows Vista Support: Many enhancements and fixes for Windows Vista are included along with the following caveats.
• New Languages: Beta releases for several new languages are now available for testing.
• Permissions Bug Fixed: In the German (de) locale on Windows and Linux, resolved a problem with certain files tagged as read-only.

Release Notes / Direct Download / just click on Help then Check for Updates in the Firefox browser. You can also discuss it here.

Nothing major this but almost as interesting as bread and butter pudding!

Since IE 7 and FF 2.0 were released many of us have been interested to know how quick users are to install the new versions. Like Bill Pytlovany, from WinPatrol, posted some weeks ago.

At the time of the post some 11.7% of his visitors upgraded to IE 7. On our own stats we had around 6.5% using the new version compared to 50% of our visitors still using IE 6.

As for users with Firefox, some 2.6% upgraded to version 2 and 27.4% stuck with 1.5.0.7. But what are our stats now? Some two to three week later?

Well it has stabilized. But users seems to have upgraded to FF 2.0 more from previous versions than users upgrading from IE 6 to IE 7:

Internet Explorer (12 of Nov 2006)
IE 7.0 - 12.6 %

IE 6.0 - 46.6 %

Firefox (12 Nov 2006)

FF 2.0 - 15 %

FF 1.5.0.8 - 2.5 %

FF 1.5.0.7 - 9.5 %

These are of course very rough stats and will never show the true stats for the whole internet. But it does give you an idea.

On top of this. I found something interesting. I found some wondering why I recommend this site to be ‘best viewed with a 1024×768 resolution using the FF browser‘.

Well at the time I created this site, before the new versions came out, it was best viewed in FF for various reasons. However it now seems that it looks and works better in IE 7 than in IE 6. I haven’t updated this yet as it seems many users are still using earlier browser versions.

As to the resolution. I’ve always used the one mentioned. Plus I modified the site in this resolution. However there are a few updates in the pipeline for this homepage. So that hopefully anyone who visits us can view this site with no problem at all.

You can discuss the stats or anything related to this article in our forum.

My eyes allmost popped out of their sockets, while i was reading this blog from Temerc.

It says, that repairing Windows XP, while IE 7 is installed, is not possible … at least if you want to keep using Internet Explorer.

Another goof-up by Microsoft? It certainly seems that way.

In this support-article, Microsoft says:

Before you perform a repair installation of Microsoft Windows XP, you must uninstall Microsoft Internet Explorer 7 from the Windows XP-based computer. If you perform a repair installation of Windows XP when Internet Explorer 7 is still installed, Internet Explorer will not work after the repair is completed.

To resolve this issue, uninstall Internet Explorer 7 from the computer, and then install Internet Explorer 6. After Windows XP is repaired, you can reinstall Internet Explorer 7.

… and why all that trouble? Quite simply because the new IE7-files aren’t compatible with the old IE6-files, wich are installed in the system32-folder of Windows.

So, basically, after repairing Windows, you have 2 partly installed IE versions, wich both fail to work!

Keep it in mind, IE7-users!

As a direct download. Not yet part of the automatic updates. But it is available. So much I am using it right now!

It looks pretty funky really. This from someone who never installed the beta versions of IE7. This is pretty much my first hand-on experience with it.

This new version as you know is the first version update for years. So using IE 6 for so long. Then using the new version is a bit mind blowing as it looks totallly different!

What features does it have?

• Tabbed Browsing

• Quick Tabs which loads all current tabbed windows into one screen so you can navigate to a site quick.

(Click to Enlarge)

• Pop-Up blocker
• Phishing Filter which allows you to also report any websites

(Click to Enlarge)

And much more. You can customize it so that it looks similar to your old version. By that I mean the Menu Bar.

I will take some time to get use to it. There is a guide you can follow on how to install it with ease.
Links of interest:

• Installation Guide
• Internet Explorer Home-Page

I am hopefull of making a guide of my own soo. You can also bookmark a topic from our forum if you wish. I will keep all news regarding this version in there. Click here.