Many updates for Windows, Java, Adobe, Thunderbird and Firefox

This week has been a very busy one for Microsoft, Sun, Adobe and the Mozilla Foundation.

Microsoft published Security Bulletin MS11-037, announcing a patch for vulnerabilities which may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

Adobe released a Security Bulletin for Adobe Shockwave Player announcing a patch for vulnerabilities which, if successfully exploited, could allow an attacker to run malicious code on the affected system. Adobe recommends that users of Adobe Shockwave Player 11.6.1.629 and earlier versions update to Adobe Shockwave Player 11.6.3.633.

Mozilla released Firefox v8 and v3.6.24 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-service condition, obtain sensitive information, or perform a cross-site scripting attack. I strongly advise upgrading your Firefox to the latest version using the built-in update mechanism.

In parallel with the Firefox releases, we have also seen a new release of Thunderbird, which is now at version 8. Thunderbird v8 fixes some security vulnerabilities as well. Three of these were rated as critical issues: memory corruption while profiling using Firebug, code execution, and miscellaneous memory issues. There are also high-risk vulnerabilities: two cross-origin theft bugs and a potential cross-site scripting (XSS) hole.

Apple has published the Java update Java SE 6 Update 29 for Mac OS X 10.6 Snow Leopard and 10.7 Lion. According to Apple, some of the vulnerabilities fixed in this release could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Users are advised to quit web browsers and Java applications before installing Update 6 for Mac OS X 10.6 and Update 1 for Mac OS X 10.7.

 

Sorin Mustaca

Data Security Expert