ModSecurity Vulnerabilities Fixed

ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two vulnerabilities which could be used to cause a denial of service (DoS). The first vulnerability is fixed in version 2.5.8 and the second (as it was disclosed after version 2.5.8 was already frozen) is fixed in version 2.5.9. Because of this, the 2.5.8 release should be disregarded in favor of 2.5.9. Both vulnerabilities, however, have workarounds until ModSecurity can be upgraded/patched. […]

Read More…

The Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work with your support. […]

Read More…

Crash in nsTextFrame::ClearTextRun() – Firefox 3.0.9

Mozilla Foundation Security Advisory 2009-23

Title: Crash in nsTextFrame::ClearTextRun()
Impact: Critical
Announced: April 27, 2009
Reporter: Marc Gueury, Daniel Veditz
Fixed in: Firefox 3.0.10

One of the security fixes in Firefox 3.0.9 introduced a regression that caused some users to experience frequent crashes. Users of the HTML Validator add-on were particularly affected, but other users also experienced this crash in some situations. In analyzing this crash we discovered that it was due to memory corruption similar to cases that have been identified as security vulnerabilities in the past. […]

Read More…