Security Alerts

HTML5 Firefox Plugins

With all the talk recently about the exploits in Flash and Java, users are taking a closer look at their Firefox plugins. A couple plugins users may come across that look a little odd are the ones which provide HTML5 support in Firefox. Now remember, HTML5 Video is suppose to someday replace Adobe’s Flash (for the most part YouTube has been using HTML5 since early this year) and Microsoft’s Silverlight (no longer supported, but still used). These plugins are: Open H.264 Video Codec provided by Cisco Systems – shipped starting with Firefox 33 and allows playing of H.264 encoded content natively via…

Read More

I was checking Amazon.com this morning on my Samsung Galaxy S4 with the Amazon Shopping App. Today is Prime Day so was seeing what they had to offer. I was presented with a pop-up notification to update what I thought was for the Amazon Shopping App. I started the update and the first red flag that came up was it wanted me to Enable Unknown Sources on my device’s security settings. Basically, this is to allow you to be able to install apps outside the Google Play Store. I was somewhat confused why I needed to do this, but went ahead and…

Read More

Third Hacking Team Flash Zero-Day Revealed

On Monday (July 13th), Trend Micro reported the now third bug (CVE-2015-5123) to Adobe’s Security Team.  This comes just as Adobe was getting ready to push out the update 18.0.0.209 which had addressed two Zero Day vulnerabilities discovered with verison 18.0.0.203 earlier. No word yet when Adobe is going to push out a patch for this vulnerability. via: Krebs on Security

Read More

Facebook CSO wants ‘End of Life Date’ for Flash

Adobe is dealing with a a lot of problems in the past week with Flash. Things got a whole lot worse from them this week. On Monday night, Mozilla Blacklisted (disabled) in Firefox, Flash Player version 18.0.0.203 for all Firefox users. On Sunday, Facebook’s new Chief Security Officer took to Twitter and called for Adobe “announce an end-of-life date for Flash,” so that we can finally “disentangle the dependencies and upgrade the whole ecosystem.” Adobe did release Flash Player version 18.0.0.209 earlier on Tuesaday morning. Source: Ars Technica  

Read More

Mozilla Blacklists Flash 18.0.0.203

If you updated your Flash Player Plugin last week to version 18.0.0.203, you will need to update again today in order to use Flash in Firefox. Mozilla has blocked the 18.0.0.203 version of Shockwave Flash which contained security fixes for 0-day vulnerabilities, but was found to contain vulnerabilities itself. Adobe released version 18.0.0.209 ealier this morning which patched two vulnerabilities. To upgrade from within Firefox go to Tools > Add-ons then select Plugins on the left side. Above the list of plugins click the Check to see if your plugins are up to date link. A new tab will open with…

Read More

Adobe Flash is one of those browser plugins that a lot of people can not live without, with Java being a close second. Problem with Flash (and Java) is there are major security exploits that are being discovered daily. Adobe just release an updated for Flash last week and already has plans on releasing another update this week to patch an exploit just discovered in the last fix. Some people such as Grand Stream Dreams blogger Claus have opted to do away with Flash (and other Adobe products) on some their systems: Taking Flash Player out to the Bins. Unfortuantly,…

Read More

Firefox 37.0.2 Released

Mozilla released an update to the Firefox 37 branch on Monday, April 20th with the Firefox 37.0.2 release. This update addressed these issues: Google Maps may render incorrectly in some cases Stability fixes for select graphics hardware and feature sets Mozilla Foundation Security Advisory (MFSA) 2015-45: Memory corruption during failed plugin initialization Depending on their update settings, users will be prompted to update within the next 24-48 hours. Users can also manually update by going to the Firefox Help Menu and selecting About Firefox and follow the prompts to update. Alternatively users can also down and manually install the update…

Read More

Getting Superfish out of Firefox

From the Mozilla Security Blog: First things first: If you are reading this post on a recent Lenovo laptop, please click the lock icon in the URL bar, then click “More Information…”.  If you see “Verified by: Superfish, Inc.”, you are infected with Superfish, and you should follow these instructions to remove it. The Superfish adware distributed by Lenovo has brought the issue of SSL interception back to the headlines.  SSL interception is a technique that allows other software on a user’s computer to monitor and control their visits to secure Web sites — however, it also enables attackers to…

Read More

Claus at grand stream dreams, linked in his recent Anti Virus Software Updates blog posts an interesting article about issues Windows users were having with high CPU load. The culprit as it turns out was an optional (though installed by default) of avast! antivirus (both free and premium versions) called avast NG. The article (which has been Google Translated from another language) includes step-by-step instructions on how to uninstall the unwanted components (warning: restart required to complete the removal) as well as screenshots (in a another language). On my three systems (generic Windows 7 Desktop, HP Windows 7 Laptop and Gateway Windows 8.1),…

Read More

Extension Signing Coming Later in 2015

This is a really good idea as all too often people end up installing extensions (knowingly or unknowingly) which end up making unwanted and undesired changes to their Firefox browser. I don’t think it is going to have that big of a negative impact as this will be a way to prevent the bad extensions from being installed. Problems I could see though would be folks running a fresh install or profile and trying to install an add-on that has been abandoned by the developer. Extensions that change the homepage and search settings without user consent have become very common, just…

Read More