Tuesday, July 14, 2009

Browser Vulnerabilities

It's been a while since I've talked about vulnerabilities. This time it seems like there's been a flurry in both Internet Explorer and Firefox.

Last week, SANS reported a 0-day exploit in Microsoft's DirectShow ActiveX control that can be exploited in IE. This ActiveX control is not intended to run in IE. Microsoft's advisory is here. Microsoft created a "Fix it" article that turns on its kill bit. Though Windows Vista and Windows Server 2008 are unaffected by this vulnerability, Microsoft is recommending that customers on those platforms apply the "Fix it" as well.

Then this week, SANS reported a 0-day exploit in Microsoft's Office Web Components ActiveX control that can be exploited in IE. This ActiveX control is not intended to run in IE. Microsoft's advisory is here. Microsoft created a "Fix it" article that turns on its kill bit. (Is there an echo in here?) Microsoft's Security Response Center says it doesn't affect Vista. Read the details for yourself.
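Both "Fix it" articles above do the same thing under the hood: they set the ActiveX kill bit for the vulnerable control's CLSID, which tells Internet Explorer to refuse to instantiate that control. For anyone who wants to verify or apply the same mitigation across machines, here is an added PowerShell example (my own, not Microsoft's "Fix it" and not code from this post) that checks and sets the kill bit. The CLSID is a placeholder; substitute the one listed in the relevant Microsoft advisory. Run it from an elevated prompt.

```powershell
# Added example: check and set the ActiveX kill bit for a control by CLSID.
# Not from the original post or from Microsoft's "Fix it" package.
# The CLSID below is a PLACEHOLDER; use the one named in the Microsoft advisory.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'   # PLACEHOLDER CLSID
$KillBit = 0x400                                      # FLAG_KILL_BIT in "Compatibility Flags"

function Get-ActiveXCompatKey {
    param([Parameter(Mandatory)][string]$Clsid)
    # IE reads per-CLSID flags from this key; on 64-bit Windows the 32-bit IE
    # reads the Wow6432Node copy instead (see usage note).
    return "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Get-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Get-ActiveXCompatKey -Clsid $Clsid
    if (-not (Test-Path $key)) { return $false }
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    # Only the 0x400 bit matters; other bits may already be set for other reasons.
    return (($flags -band $KillBit) -eq $KillBit)
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Get-ActiveXCompatKey -Clsid $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    # OR the kill bit into whatever flags are already there rather than overwriting them.
    $new = if ($null -eq $existing) { $KillBit } else { $existing -bor $KillBit }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value $new -Force | Out-Null
}

if (Get-ActiveXKillBit -Clsid $Clsid) {
    Write-Output "Kill bit already set for $Clsid"
} else {
    Set-ActiveXKillBit -Clsid $Clsid
    Write-Output "Kill bit set for $Clsid; restart Internet Explorer for it to take effect"
}
```

Two caveats a practitioner will want: on 64-bit Windows the 32-bit Internet Explorer reads the key under `HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility`, so set the flag in both locations; and the kill bit only stops IE (and other hosts that honor it) from loading the control, it does not remove or patch the underlying DLL, so the vendor update should still be applied when it ships.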

Then today, Brian Krebs reported a "highly critical" vulnerability in Firefox 3.5. He describes an "about:config" change as a work-around:

To disable the vulnerable component, open up a new Firefox window and type "about:config" (without the quotes) in the browser's address bar. In the "filter" box, type "jit" and you should see a setting called "javascript.options.jit.content". You should notice that beside that setting it reads "true," meaning the setting is enabled. If you just double-click on that setting, it should disable it, changing the option to "false." That's it.

The bad news is that this slows Firefox's JavaScript back down to 3.0 levels.
