Firefox 2.0 Vulnerable to DoS and Possibly Arbitrary Code Execution

A flaw exists in Mozilla Firefox 2.0 that could allow an intruder to crash the browser and potentially execute arbitrary code. The flaw, originally reported to Mozilla Foundation in September 2006 during Firefox 2.0's release candidate stages, wasn't fixed prior to the official release of Firefox 2.0. The vulnerability is the result of a rare condition in which an attempt to free memory could be made twice, thereby causing the browser to crash. The crash causes memory corruption, which can be taken as a sign that there's a potential to execute arbitrary code. A proof of concept demonstration has been published. Mozilla Foundation is aware of the problem; however, no security update is available at this time.

IE 7.0 Vulnerable to Window Content Injection

Internet Explorer (IE) 7.0 is vulnerable to window content injection under certain circumstances. When a malicious Web site is open in one browser window and a legitimate Web site is open in another, the malicious Web site could alter the content of a pop-up window generated by the legitimate Web site. The vulnerability could lead to the exposure of private sensitive information.

Microsoft is aware of the problem and considers the issue to be a known risk that the user should mitigate, so it's unlikely that a security patch will be forthcoming. In a message posted to the company's Security Response Center blog, a spokesperson for the company said that IE 7.0 presents an address bar in pop-up windows, whereas previous versions of IE did not. The spokesperson said that the burden is on the user to examine the address bar to ensure that its content is legitimate. "[People] should never decide to trust a web page without first verifying both the address of the web page and an SSL connection," the spokesperson said. See the URL below for the blog entry.

Some security analysts think that placing the burden on the user is unreasonable and too risky. These analysts point to the fact that the vulnerability was fixed in other browsers, including Firefox, Netscape, Safari, and Opera.

http://blogs.technet.com/msrc/archive/2006/10/31/information-on-address-bar-issue.aspx

Drupal Vulnerable to SQL Injection

Drupal, a hugely popular open source content management system, is vulnerable to SQL injection attacks. The extremely dangerous vulnerability, present in the Extended Tracker module, is the result of improper sanitization of user-supplied input that could be passed via a URL query string.

The developers are aware of the problem and have released an updated version of the Drupal Extended Tracking module. Versions prior to 1.5.2.1 are vulnerable to attack.

http://drupal.org/node/91358

Yahoo! Messenger Vulnerable to DoS Attacks

A vulnerability in Yahoo! Messenger could allow a remote intruder to crash the messaging client by sending a chat invite using a specially crafted room name. The crash is the result of a null pointer dereference. Yahoo! released an updated version of Messenger that isn't vulnerable to this particular attack. The latest version is 8.1.0.195.

http://messenger.yahoo.com