beforeyoukillyourcomputer.com Saving computers one at a time from their owners

This release is a recommended security and stability upgrade. See the Security section for additional information.

Changes Since Opera 9.27

Security

• Fixed an issue where certain characters could obscure the page address, as reported by Tony Thomas. See our advisory.
• Solved an issue where Images could be read cross-domain with canvas, as reported by Philip Taylor. See our advisory.
• Pages held in frames are no longer able to change the location of pages in unrelated frames on the parent page. See our advisory.
• Improved Fraud Protection now includes advanced malware prevention and upgraded phishing detection technologies. See article: Opera Fraud Protection.
• Added support for Extended Validation (EV) certificates.
• Added automatic downloading of trusted root certificates when required.
• Disabled SSL v2 and weak ciphers.
• Improvements made to certificate handling, the new certificate repository and the certificates UI.
• Introduced a new security notification scheme in the address field:

* black padlock with a check mark on green field for secure sites with Extended Validation
* black padlock without a check mark on yellow field for regular secure sites
* question mark on gray field for HTTPS sites with issues
* no notification for normal sites
* fraud warning on red field for blacklisted sites

• Opera now distinguishes between local servers on localhost, intranet servers, and remote servers on the Internet.

* Local servers can use remote resources, but not vice versa.

Download Opera 9.50

Release Notes

This release is a recommended security and stability upgrade. See the Security section for additional information.

Changes Since Opera 9.26

Security

• Fixed an issue where newsfeed prompts could cause Opera to execute arbitrary code, as reported by Michal Zalewski. See our advisory.
• Solved an issue where resized canvas patterns could cause Opera to execute arbitrary code, as reported by Michal Zalewski. See our advisory.
• Improved keyboard handling of password inputs, as reported by Trystan S.

Miscellaneous

• Fixed a BitTorrent transfer stability issue.
• Resolved stability issues with the Acid 3 test.
• Additional stability fixes.

The European Commission has fined US computer giant Microsoft for defying sanctions imposed on it for anti-competitive behaviour.

Microsoft must now pay a record 899m euros ($1.4bn; £680.9m) after it failed to comply with a 2004 ruling that it abused its position.

The ruling said that Microsoft was guilty of not providing key code to rival software makers.

EU regulators said the firm was the first to break an EU anti-trust ruling.

The fines come on top of earlier fines of 280m euros imposed in July 2006, and of 497m euros in March 2004.

“Microsoft was the first company in 50 years of EU competition policy that the Commission has had to fine for failure to comply with an antitrust decision,” Competition Commissioner Neelie Kroes said in a statement.

Future improvements?

An investigation concluded in 2004 that Microsoft was guilty of freezing out rivals in products such as media players, while unfairly linking its Explorer internet browser to its Windows operating system at the expense of rival servers.

The European Court of First Instance upheld this ruling last year, which ordered Microsoft to pay 497m euros for abusing its dominant market position. Last week, the firm announced that it would open up the technology of some of its leading software, including Windows, to make it easier to operate with rivals’ products.

“As we demonstrated last week with our new interoperability principles and specific actions to increase the openness of our products, we are focusing on steps that will improve things for the future,” Microsoft said.

Further cases

But the firm is still being pursued by Brussels.

Last month, the European Commission launched two new anti-competition investigations against Microsoft into similar issues.

Mozilla Firefox 2.0.0.12 was released today with a number of critical bug fixes. It is highly recommended that you update if you use Firefox.Fixed in Firefox 2.0.0.12

• MFSA 2008-11 Web forgery overwrite with div overlay
• MFSA 2008-10 URL token stealing via stylesheet redirect
• MFSA 2008-09 Mishandling of locally-saved plain text files
• MFSA 2008-08 File action dialog tampering
• MFSA 2008-06 Web browsing history and forward navigation stealing
• MFSA 2008-05 Directory traversal via chrome: URI
• MFSA 2008-04 Stored password corruption
• MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
• MFSA 2008-02 Multiple file input focus stealing vulnerabilities
• MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

Download Mozilla Firefox 2.0.0.12

Urges Microsoft to give consumers a genuine choice of standards-compliant Web browsers

Opera Software ASA, the only company that can put the Web on any device, filed a complaint with the European Commission yesterday which is aimed at giving consumers a genuine choice of Web browsers.

The complaint describes how Microsoft is abusing its dominant position by tying its browser, Internet Explorer, to the Windows operating system and by hindering interoperability by not following accepted Web standards. Opera has requested the Commission to take the necessary actions to compel Microsoft to give consumers a real choice and to support open Web standards in Internet Explorer.

“We are filing this complaint on behalf of all consumers who are tired of having a monopolist make choices for them,” said Jon von Tetzchner, CEO of Opera. “In addition to promoting the free choice of individual consumers, we are a champion of open Web standards and cross-platform innovation. We cannot rest until we’ve brought fair and equitable options to consumers worldwide.”

Opera requests the Commission to implement two remedies to Microsoft’s abusive actions. First, it requests the Commission to obligate Microsoft to unbundle Internet Explorer from Windows and/or carry alternative browsers pre-installed on the desktop. Second, it asks the European Commission to require Microsoft to follow fundamental and open Web standards accepted by the Web-authoring communities. The complaint calls on Microsoft to adhere to its own public pronouncements to support these standards, instead of stifling them with its notorious “Embrace, Extend and Extinguish” strategy. Microsoft’s unilateral control over standards in some markets creates a de facto standard that is more costly to support, harder to maintain, and technologically inferior and that can even expose users to security risks.

Prior to the release of Firefox 2.0.0.10 a minor security issue was discovered in the drawImage method in the Canvas API. This particular method takes an image (in the form of an IMG DOM Element), extracts the image data, and puts it into the Canvas at the desired points. If you’re interested in seeing what this method does (and aren’t running 2.0.0.10) then visit the Mozilla developer demo. The issue was that if the image was corrupted in some way, drawImage would still try to read data from it and display random bits of memory instead (oops).

This was fixed and two attachments were uploaded resolving this bug. However, that’s where the issue came in. When it came time to commit the changes, only the first patch landed (by mistake) which caused drawImage to become all wonky. Coupled by the fact that there wasn’t an immediate regression test in place to notice the obvious error. (That being said, we’re getting much better - going from very few automated tests about a year ago, to tens of thousands now.)

Nov. 26: Firefox 2.0.0.10 is released, Canvas.drawImage method is not working

Canvas users (both web applications and Firefox extensions) start to notice the following error pop up:

uncaught exception: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDOMCanvasRenderingContext2D.drawImage]” nsresult: “0×80040111 (NS_ERROR_NOT_AVAILABLE)” location: “JS frame :: drawImage.html :: anonymous :: line 12″ data: no]

The obvious bug is spotted and the patch is landed. The question then became: How serious is this? In a nutshell: Very serious. A number of critical applications were using this functionality to draw parts of their UIs and having this fail made them unusable. Thus, the new question was: How fast can we get it out? The answer:

Nov.

As part of Mozilla Corporation’s ongoing stability and security update process, Firefox 2.0.0.11 is now available for Windows, Mac, and Linux for free download from http://getfirefox.com.

We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 2.x, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu.

For a list of changes and more information, please review the Firefox 2.0.0.11 Release Notes.

If you are still running Firefox 1.5.0.x, you are highly encouraged to upgrade to the Firefox 2 series as Mozilla ceased supporting Firefox 1.5.0.x in May 2007. Simply choose “Check for Updates…” from the Help menu to begin the upgrade process.

Source

As part of Mozilla Corporation’s ongoing stability and security update process, Firefox 2.0.0.10 is now available for Windows, Mac, and Linux for free download from http://getfirefox.com.

We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 2.x, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu starting now.

For a list of changes and more information, please review the Firefox 2.0.0.10 Release Notes.

If you are still running Firefox 1.5.0.x, you are highly encouraged to upgrade to the Firefox 2 series as Mozilla ceased supporting Firefox 1.5.0.x in May 2007. Simply choose “Check for Updates…” from the Help menu to begin the upgrade process.

Source

As part of Mozilla Corporation’s ongoing stability and security update process, Firefox 2.0.0.9 is now available for Windows, Mac, and Linux for free download from http://getfirefox.com.

We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 2.x, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu starting now.

For a list of changes and more information, please review the Firefox 2.0.0.9 Release Notes.

If you are still running Firefox 1.5.0.x, you are highly encouraged to upgrade to the Firefox 2 series as Mozilla ceased supporting Firefox 1.5.0.x in May 2007. Simply choose “Check for Updates…” from the Help menu to begin the upgrade process.

Source

Firefox 2.0.0.7 was released this afternoon to patch the QuickTime issue described here. This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple. I would like to personally thank the individuals at Apple who worked with us and the engineers at Mozilla that work so hard to get security updates out so quickly.

This issue was patched in only six (or 6.25 according to John O’Duinn) days. When a vendor ships security fixes quickly, it lowers the incentive for attackers to spend time developing and deploying an exploit for that issue. The window of opportunity for attackers is reduced and so is the potential to compromise users. So thanks you guys, for helping destroy the economics of malicious exploit development.

(Announcement link)

Source