ush.it - a beautiful place

Clientside security: Hardening Mozilla Firefox

July 25, 2007 at 9:55 pm - Filed under Reports, Language EN - 652 words, reading time ~2 minutes - Permalink - Comments

I'm sure you have already heard of the many external protocol handling vulnerabilities that hitted Firefox lately. Normally on this site you read about "in-security", this article is a little exception since it contains some tips that anybody can adopt to harden his preferred http/https client, also named Mozilla Firefox, thought the about:config interface.

Flash Player/Plugin Video file parsing Remote Code Execution

July 13, 2007 at 5:28 pm - Filed under Insecurity, Language EN - 216 words, reading time ~0 minutes - Permalink - Comments

Stefano Di Paola with contribution from Giorgio Fedon (both from a brand new security research company, MindedSecurity) and Elia Florio have just released the details about a Remote Code Execution flaw in Flash Plugin 9 independent from the OS. Parsing a flv with adobe flash player it's possible to trigger an exploitable integer overflow.

THP USH Wisec DigitalBullets