• 13Nov

    Mozilla has released an updated version of the Firefox browser. This new release covers 11 vulnerabilities that exposed users to code execution, information stealing, or denial-of-service attacks.

    11 Vulnerabilities in Firefox. 4 are Critical.

    4 out of 11 vulnerabilities were considered critical.

    The 4 critical vulnerabilities are as follows:

    1. MFSA 2008-53: XSS and JavaScript privilege escalation via session restore. Firefox's session restore feature has a flaw that can be used to violate the same-origin policy and run JavaScript in the context of another site. An attacker could also use this vulnerability to run arbitrary JavaScript with chrome privileges.
    2. MFSA 2008-55: Crash and remote code execution in nsFrameManager. This vulnerability is in Mozilla's DOM code and could be exploited by modifying properties of a file input element before it finishes initializing. The browser then accesses uninitialized memory, which results in a crash. An attacker might be able to use the crash to run arbitrary code on the victim's computer.
    3. MFSA 2008-52: Crashes with evidence of memory corruption. Mozilla developers identified and fixed many stability bugs in the browser engine used by Firefox and other Mozilla products. Some of these showed evidence of memory corruption under certain circumstances.
    4. MFSA 2008-54: Buffer overflow in the http-index-format parser. The flaw is in the way Mozilla parses the http-index-format MIME type. By sending a specially crafted 200 header line in the HTTP index response, an attacker can cause the browser to crash and also run arbitrary code on the victim's computer.

    All 4 critical flaws have been fixed, along with the remaining, less critical ones.

  • 16Oct

    Flash Player products are prone to clickjacking attacks because of a security defect that Adobe Systems has addressed.

     Flash Player vulnerable to “Clickjacking”.

    Flash Player 10, which was re-introduced into the market on Wednesday, includes a fix for the flaw reported by Adobe Systems.

    Because of their susceptibility to clickjacking attacks, Adobe Flash Player 9.0.124.0 and earlier versions have a security defect that needs to be fixed: Flash products, along with various browsers such as Internet Explorer, Firefox, Opera and Safari, are prone to these attacks.

    The new update can also prevent clickjacking attacks on users' web cameras and microphones. The update contains four more security fixes, which include improved protection against clipboard attacks and a fix for port-scanning attacks.

    What is Clickjacking?

    Clickjacking is an exploit in which malicious code is hidden beneath apparently legitimate buttons or other clickable content on a website. In technical terms it is also known as user-interface (UI) redressing or IFRAME overlay. The host website or web page may be a genuine site that has been hacked. The attacker tricks the user into visiting the site via online links or e-mails.
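
    As an added example (not part of the original post), the check below classifies who may load a page inside an IFRAME, the overlay that clickjacking depends on, from the X-Frame-Options and Content-Security-Policy frame-ancestors response headers. The sample responses and the shop.example.test and partner.example.test hosts are constructed for illustration.

```javascript
// Added example (not from the original post). Classifies who may load a page
// in an IFRAME, the overlay clickjacking relies on, from its response headers.

function parseFrameAncestors(csp) {
  // Return the frame-ancestors source list, or null if the directive is absent.
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

function framingPolicy(headers) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const csp = h['content-security-policy'];
  const ancestors = csp === undefined ? null : parseFrameAncestors(csp);
  if (ancestors !== null) {
    // When present, frame-ancestors is enforced instead of X-Frame-Options.
    const list = ancestors.map((s) => s.toLowerCase());
    if (list.length === 0 || list.every((s) => s === "'none'")) return 'deny';
    // "*" or a bare scheme such as "https:" admits arbitrary third-party sites.
    if (list.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'anyone';
    if (list.every((s) => s === "'self'")) return 'same-origin';
    return 'allow-list';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Header missing, or a value browsers do not enforce (e.g. obsolete ALLOW-FROM).
  return 'anyone';
}

// Constructed sample responses; hosts and paths are placeholders.
const SAMPLES = [
  { url: 'https://shop.example.test/checkout', headers: { 'X-Frame-Options': 'SAMEORIGIN' } },
  { url: 'https://shop.example.test/settings', headers: {} },
  { url: 'https://shop.example.test/widget',
    headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors https://partner.example.test" } },
  { url: 'https://shop.example.test/pay',
    headers: { 'x-frame-options': 'DENY', 'content-security-policy': 'frame-ancestors *' } },
];

// Pages any site can overlay: the ones to fix first.
function framableByAnyone(samples) {
  return samples.filter((s) => framingPolicy(s.headers) === 'anyone').map((s) => s.url);
}

console.log(framableByAnyone(SAMPLES));
```

    The last sample is reported even though it sends X-Frame-Options: DENY, because its frame-ancestors * directive is the policy that gets enforced.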

  • 07Oct

    Hello,

    There are many commands used in DOS applications. A few of them are very useful and frequently used by end users.

    Ping : Ping is the network command used to verify the connection and report the status of the requested server.
    It is a very simple command: ping followed by an IP address or web address.
    e.g. ping micfo.com

    ipconfig: Internet Protocol Configuration
    It shows your TCP/IP address and associated information. This command is commonly used for checking your internet connection. It returns the IP address of your local computer as well as the DNS server.

    You can use this command with various options to get complete information about your computer.

    ipconfig /all : Display full configuration information

    ipconfig /release : Release the IP address for the specified adapter

    ipconfig /renew : Renew the IP address for the specified adapter.

    ipconfig /flushdns : Purges the DNS Resolver cache.

    ipconfig /registerdns : Refreshes all DHCP leases and re-registers DNS names

    ipconfig /displaydns : Display the contents of the DNS Resolver Cache.

    ipconfig /showclassid : Displays all the DHCP class IDs allowed for the adapter.

    ipconfig /setclassid : Modifies the DHCP class ID.

    netstat - Network statistics

    This command will show you network statistics and current TCP/IP settings. Use netstat -a to show all connections and listening ports.

    msconfig - Using this command you will get the ini files, which specify what loads on your system.

    dir : Lists files in the current directory.

    There are many more DOS commands…
