Mozilla to pay up to $10,000 for security bug reports

Mozilla has announced an important update to its Client Bug Bounty Program, which aims to attract white hat hackers to look into Mozilla code, detect vulnerabilities, create exploit cases and report them to Mozilla to have them fixed before the bugs can cause any harm to users.

Firefox, Thunderbird update to fix a PNG related security bug

Mozilla has released Firefox 10.0.2 as a quick follow-up to the recent major update. According to the Mozilla Security Blog, a vulnerability was discovered in libpng, the official reference PNG library used by Firefox, Thunderbird, and plenty of other software titles, which could allow a maliciously crafted image to run arbitrary code on a user’s machine.

If you have already received the update, be sure to restart Firefox as soon as possible so the change takes effect. If not, click the Firefox button and select About Firefox in the Help menu to check for the update and install it if necessary.

Firefox 3.6.12 update fixes zero day vulnerability

Mozilla has issued a quick update for Firefox 3.6 to address a critical vulnerability discovered last Monday and announced on several sites the next day.

According to the bug report, a malicious web site is already attempting to exploit the vulnerability, making this a zero-day problem.

To fix this, click on Check for Updates… in the Help menu, and follow the onscreen instructions.

Firefox security bounty hunting at 12

Alex Miller is a 12-year-old kid who enjoys playing guitar and badminton in Willow Glen, California. He is also a bounty hunter who has recently reached pre-teen rich and famous status for finding and reporting a security bug in Firefox, earning the $3000 bounty in the process.

As usual with security bug reports, there is no word at this point on the nature of the vulnerability, but we will probably see it fixed in the next Firefox 3.6 update.


Protect your PC from Adobe Reader/Flash vulnerability

Adobe has announced a critical vulnerability in Reader 9.3.2 and earlier, and Flash Player and earlier, that could let attackers take control of users' PCs.

There is no patch available at this time, but Adobe suggests installing Flash Player 10.1 (currently in release candidate status) to mitigate the risk. For Reader and Acrobat (on Windows):

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.