The fox jumps over the VPN crypto

| No Comments

I don't know how I managed to miss security update 1.0.4 for firefox, but I did. It was released on the 11th, and fixes the following issues :

MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL

It also fixes some DHTML errors, although those are not security related. The other three though, are classified as critical, so if you haven't updated yet, this would be a good time to do so!

Unrelated to firefox, but still security news : If you happen to use VPN to connect remotely to the office, it may be a good idea to to point out to your administrator that some setups are vulnerable and much less secure as they appear. I don't have any real VPN experience, but it has got something to do with cryptographic weaknesses used in sub-keys. A technical explenation along with proposed solutions can be found at the NISCC website, or you could read the article at The Register for a less technical overview of the problem.

Leave a comment

Monthly Archives

Pages

OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.04

About this Entry

This page contains a single entry by ServMe published on May 13, 2005 10:22 AM.

Hindsight is 20/20, as they say. was the previous entry in this blog.

Idiots is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.