ModSecurity Vulnerabilities Fixed

ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two vulnerabilities that could be used to cause a denial of service (DoS). The first vulnerability is fixed in version 2.5.8; the second, which was disclosed after version 2.5.8 was already frozen, is fixed in version 2.5.9. Because of this, the 2.5.8 release should be disregarded in favor of 2.5.9. Workarounds are available for both vulnerabilities until ModSecurity can be upgraded or patched. […]


Crash in nsTextFrame::ClearTextRun() – Firefox 3.0.9

Mozilla Foundation Security Advisory 2009-23

Title: Crash in nsTextFrame::ClearTextRun()
Impact: Critical
Announced: April 27, 2009
Reporter: Marc Gueury, Daniel Veditz
Fixed in: Firefox 3.0.10

One of the security fixes in Firefox 3.0.9 introduced a regression that caused some users to experience frequent crashes. Users of the HTML Validator add-on were particularly affected, but other users also experienced this crash in some situations. In analyzing this crash we discovered that it was due to memory corruption similar to cases that have been identified as security vulnerabilities in the past. […]
