The team behind the popular browser extension FoxyTunes is hard at work on a new mashup site that integrates the music controls of FoxyTunes with an aggregation tool to give you more information and media about your favorite musical artists and new discoveries.
Each FoxyTunes Planet artist page has several customizable widgets. There are Flickr photos, YouTube videos, albums for sale from Amazon, and even various Internet radio stations such as HypeMachine and Last.fm where you can listen to the band's other songs. If you're like me, you might be listening to a Shoutcast feed on iTunes … Read more
-- IE 7 reaches 100 million users. Even with all those users, it still comes in second to Internet Explorer 6, which makes sense considering IE6 is the default browser on nearly every single PC. (News.com)
-- Report: Apple to charge some Mac users for wireless technologies. 802.11n, the next-generation wireless protocol, has secretly been shipping in Apple's computers for the past several months, but that functionality hasn't been … Read more
There's a vulnerability within Microsoft Internet Explorer 6 while running on a fully patched Windows XP SP2 system that allows remote attackers to cause a denial of service (crash). This flaw is due to an integer overflow error in the Common Controls library "comctl32.dll" when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method. Specifically, a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object may lead to an invalid memory copy, which can be exploited by attackers. Successful execution, however, requires that the victim visit a specially crafted … Read more
This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifcally, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.
Additional Resources:French Security Incident Response Team: ADV-2006-2814 BrowserFun: #15 National Institute of Standards and Technology: CVE-2006-3458
The researchers contacted Adobe in October with their findings and only recently made their work public. Adobe has … Read more
This vulnerability restricts information from other domains via an object tag. A data parameter within that tag references a link on the attacker's originating site. The link on the attacker's originating site then specifies a Location HTTP header on a target site. The flaw makes that potentially malicious content available through the outerHTML attribute of the object.
On August 8, 2006, Microsoft issued MS06-040, a cumulative patch for Internet Explorer, that addresses this vulnerability.
Additional Resources:Vendor Patch Information: MS06-042 IST CVE #: CVE-2006-3280 Secunia advisory: 20825
This vulnerability is caused by an error in the HTML Help ActiveX control (hhctrl.ocx). When handling the "Image" property within an HTML file, the vulnerability can be exploited by using a long string to cause memory corruption (buffer overflow). Successful exploit could lead to the execution of remote code on a compromised PC.
Additional Resources:Mitre. org: CVE-2006-3657 Secunia advisory: 20906
The Internet Explorer HTA Application Execution was assigned two vulnerability numbers by the National Institute of Standards in Technology National Vulnerabilities Database. The vulnerability in Inter Explorer allows remote attackers to execute arbitrary code via a link to an SMB file share, and the flaw itself might be within other components used by the Microsoft browser. If executed, the vulnerability may disclose potentially sensitive information and potentially compromise a user's system. Exploitation requires user interaction, however.
On August 8, 2006, Microsoft released two patches which addressed these vulnerabilities.
Additional Resources:Microsoft patch: MS06-045 Microsoft patch: MS06-042 Mitre.org CVE #: … Read more
Clearly this is a hoax, but someone mashed up the Microsoft Internet Explorer home page with that of Mozilla Firefox to create the MS Firefox page. It's not too far fetched; Mozilla Firefox is open-source software and already Hacktivismo has based their TorPark browser on Mozilla Firefox 1.5, and Microsoft recently said it is exploring open-source solutions--but this is too much. For example, under the Security tab, the MS Firefox site says: "A robust new Microsoft security architecture known as TakeOver helps to protect the Windows Kernel from malicious, damaging and viral software such as Symantec and … Read more