[mchFree] [MCH] Digest Number 1722
- From: "Mike the mod" <mikebike@xxxxxxxxx>
- To: mch@xxxxxxxxxxxxx
- Date: Sat, 15 Apr 2006 10:24:10 -0700
There are 16 messages in this issue.
Topics in this digest:
1. Re: Re: Windows ME
From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx>
2. Re: {OT} Re: Windows ME
From: CHRIS-JO-ANN-SPILKER@xxxxxxxxxxxxxxxx
3. MS April Patch Tuesday UPDATES
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
4. IPCfg - Win98
From: "Ken Hollingsworth" <kenholl@xxxxxxxxx>
5. Re: IPCfg - Win98
From: casper <officialbizniz@xxxxxxxxx>
6. Re: {OT} Re: Windows ME
From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx>
7. Re: IE pages flipping while surfing?
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
8. Re: Does anyone use YDS - yahoo desktop search??
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
9. Re: Windows ME
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
10. [SA19631] Firefox Multiple Vulnerabilities
From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx>
11. [SA19631] Firefox Multiple Vulnerabilities
From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx>
12. [SA19649] Mozilla SeaMonkey Multiple Vulnerabilities
From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx>
13. Re: IPCfg - Win98
From: "Ken Hollingsworth" <kenholl@xxxxxxxxx>
14. Re: Windows ME
From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx>
15. Re: Windows ME
From: Estavi Meilu <estavi2@xxxxxxxxx>
16. Re: Windows ME
From: "Wyatt M. Portendt" <wyatt.m.portendt@xxxxxxxxx>
________________________________________________________________________
________________________________________________________________________
Message: 1
Date: Thu, 13 Apr 2006 23:37:43 -0500
From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx>
Subject: Re: Re: Windows ME
Thanks, Vince, for your input. The more I think about this situation, the
madder I get. I should have suspected something when he first opened up the
computer. He stated that my floppy disk drive wasn't even connected. Gee,
that's funny; I just used it less than a week ago. I know I should have
said something when he started messing with my settings, but it was all done
before I could get a word in. Not only that, he went into msconfig and
disabled the option where scandisk runs after a bad shutdown. I immediately
went back in a changed it back.
I'm a bit more conservative than you with respect to energy usage, etc. I
have my monitor shut off after 5 minutes (I don't use screen saver); hard
disk off after 15 minutes; and system standby after 30 minutes.
Thanks again for your input.
Peter
----- Original Message -----
From: "Vince" <timechaser@xxxxxxxxxxxxx>
To: <mycomputerheadaches@xxxxxxxxxxxxxxx>
Sent: Thursday, April 13, 2006 9:52 PM
Subject: [MCH] Re: Windows ME
Are you sure your guy is a tech or a tech wanna-be.
Everyone has their own opinion of what they should do on shutting
down systems. The um tech you hired should have atleast consulted
with you about why you had your settings they way you do and ask if
it was ok to change them. Even if it was important to change them
when it comes to personal settings he should have atleast explained
his reasons for making the changes. Changing things like that would
be like someone coming into your house and changing your theromstat
without asking or re-arranging your furniture.
As for my opinion here is what I do and why, but again it is just me
what you do is up to your own decision.
Set screen saver for 10 minutes. Reason if sitting at home at night
in the dark when my dark screen saver comes on the room dims and it
remindes me that my computer is still on and if I am not going to
use it anymore I can go turn it off.
Set monitor to go off in 20 minutes. Reason if I don't turn off the
computer atleast there will be less burinig of the monitor to wear
it our and less energey drain on the system.
Set hard drives to shut down in one hour. Reason again if I get busy
doing something else maybe even for hours the computer will use less
energy and not wear out the hard drive as fast.
I replace many hard drives at work because they run non stop and do
not shut down after an hour. This is fine during business hours but
we don't shut our computers off at night and the hard drives are
spinning for atleast 12 hours with no use at all. These drives tend
to wear out in just about 2-21/2 years.
Once I turn my computer on for the day usually in the evening I will
let it run until bed time. At that time I will turn it off. Again to
save energy and to keep it clean. The longer it runs the dirtier it
gets and the faster it wears out. Just think if you started your car
and always left it running so you don't have to start it every time
you get in. Yes you will save on the wear and tear of the starter
but what about the rest of the car.
Again this is just what I do. I know many people that I work on
computers for that never turn off the machines and use different
settings. It is all just a personal thing.
--- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Peter Churukian"
<petervc@...> wrote:
>
> I need a little clarification before I make an "argument" to a
computer tech. I have a somewhat aged Gateway 1.5 Ghz computer with
Windows ME (ca. 5 yrs old). It works fine and suits my purposes,
that is until earlier today. I heard a loud "pop" and the
unit "died." My non-technical mind feels it must be something to
due to the power supply. I called a local tech, and when he heard I
had Windows ME, he was reluctant to make an attempt to fix. In fact
he said to junk my machine and get a new one. His reason was that I
won't be able to get antivirus software to protect it. I currently
have Norton Internet Security 2005, and it seems to work fine. (I
know; I know; anything Norton is not cool, but it serves me well.)
I convinced him to come tomorrow anyway to see if he can get my
computer up and running again.
>
> My question is: is there any truth to this person's argument that
one can't protect Windows ME machines from viruses?
>
> If anyone is wondering, I writing and sending this note on my
newer laptop (which has Windows XP Home).
>
> Thank you.
>
> Peter
>
>
> [Non-text portions of this message have been removed]
>
==MOD RULE: Delete this line & everything below it when responding.==
http://groups.yahoo.com/group/mycomputerheadaches/messages
Yahoo! Groups Links
________________________________________________________________________
________________________________________________________________________
Message: 2
Date: Fri, 14 Apr 2006 11:42:02 +0000
From: CHRIS-JO-ANN-SPILKER@xxxxxxxxxxxxxxxx
Subject: Re: {OT} Re: Windows ME
Hi,
This is off topic a bit ...
You said:
"He stated that my floppy disk drive wasn't even connected. Gee, that's
funny; I just used it less than a week ago."
Reminds me of an instance sometime ago with my wife's car inspection
{required annually}. I waited while the car was inspected. The mechanic
{and also owner} failed the car based on worn brake pads on the front
wheels. I had only replaced them {myself} 7 months prior. He knew I worked
on my own cars. Suspecting that I would replace them myself, he warned me
that replacing the front brake pads on ABS {Antilocking Braking System}
could be tricky and required one specialty tool. I thanked him, left and
never went back to him. MY WIFE'S CAR DOES NOT HAVE AN ABS SYSTEM!
Took my car to another garage down the street {same day} and it
passed with no troubles. Asked mechanic about state of the front brake pads
and he said they are practically new.
I have never gone back to the first garage and have warned others of
his practices.
I repair computers for a living and would advise you to find another
computer technician.
Kind regards,
Christopher J. Spilker
-------------- Original message ----------------------
From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx>
> Thanks, Vince, for your input. The more I think about this situation, the
> madder I get. I should have suspected something when he first opened up
the
> computer. He stated that my floppy disk drive wasn't even connected.
Gee,
> that's funny; I just used it less than a week ago. I know I should have
> said something when he started messing with my settings, but it was all
done
> before I could get a word in. Not only that, he went into msconfig and
> disabled the option where scandisk runs after a bad shutdown. I
immediately
> went back in a changed it back.
>
> I'm a bit more conservative than you with respect to energy usage, etc. I
> have my monitor shut off after 5 minutes (I don't use screen saver); hard
> disk off after 15 minutes; and system standby after 30 minutes.
>
> Thanks again for your input.
>
> Peter
________________________________________________________________________
________________________________________________________________________
Message: 3
Date: Fri, 14 Apr 2006 12:43:21 -0000
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
Subject: MS April Patch Tuesday UPDATES
April MS UPDATES
Microsoft released its security software patches for April,
addressing an unpatched bug in IE that hackers had been exploiting
for several weeks.
The five patches addressed a number of critical vulnerabilities in
IE and Windows. Microsoft also released an update for Outlook
Express, rated "important," and a fix for Windows FrontPage Server
Extensions and SharePoint Team Services 2002, rated "moderate."
Here's a description of what Microsoft released:
http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx
The most anticipated part of this month's update is the MS06-013
patch, which fixes several IE bugs, including the "create TextRange
()" vulnerability reported last month. Hackers had been exploiting
this problem by installing unauthorized software on PCs accessed
after tricking users into visiting sites that took advantage of the
bug. The problem was serious enough that security vendors eEye
Digital Security and Determina created patches to address it. The
patch, which Microsoft does not recommend, was downloaded 156,000
times by Windows users.
Microsoft also patched a similarly critical vulnerability in Windows
Explorer involving Component Object Model objects. Attackers could
take over a system by tricking users into visiting a Web site that
would connect them to a remote file server. This remote file server
could then cause Windows Explorer to fail in a way that could allow
code execution. This vulnerability affects all supported versions of
Windows:
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
The third critical fix in April's updates addresses a vulnerability
in an ActiveX control, called RDS.Dataspace, which is distributed
with the Microsoft Data Access Components. This software is included
with the Windows operating system and is typically used by database
software. The RDS.Dataspace component problem is rated critical for
Windows 98, Windows 2000, and Windows XP.
Additionally, a new version of the Malicious Software Removal Tool
will also be released to address new malware threats. It will be
updated via Windows Update, Microsoft Update, Windows Server Update
Services and the Download Center. The anti-malware tool will not be
made available using the company's SUS (Software Update Services).
Microsoft would also distribute one non-security high-priority
update on its Microsoft Update and Windows Server Update Services,
but offered no further details of what that release might involve.
MS, earlier this week, recommended that many businesses should
consider buying degaussing technologies (WHAT???!!!) to wipe
computer hard drives clean when they reinstall operating systems in
order to recover from malware attacks, particularly when dealing
with rootkits infections. MS reps said that rootkits that use cloak
malware programs and maintain an undetectable presence on infected
machines have increased in popularity among spyware writers. Based
on the way many of these pieces of code are built, MS said it may be
impossible for IT workers to determine whether or not such rootkits
have been fully removed from an infected system.
________________________________________________________________________
________________________________________________________________________
Message: 4
Date: Fri, 14 Apr 2006 08:33:27 -0700
From: "Ken Hollingsworth" <kenholl@xxxxxxxxx>
Subject: IPCfg - Win98
I'm attempting to clean out an old eMachine with Win 98
on it. When I got it, it would connect to the net, and other
computers on my LAN. The complaint was viruses, and a
general tune-up, updates, etc....
I downloaded many Windows updates, downloaded
AVG free, and at some point in that process, and after
rebooting many times - I now get an error when I try to
connect - IPCfgDLL.DLL is linked to missing Wsock32.DLL -
I find both files in place in the /Windows/system folder where
they are supposed to be. Even though I can't connect to
the net - I can connect to the LAN sporadically - sometimes
not.
The machine had 64mb of Ram, and I added 64 - it now runs
pretty good, other than failing to connect to the net.
Any suggestions before I re-install 98? I don't think the
machine is strong enough for XP.
Ken Hollingsworth
________________________________________________________________________
________________________________________________________________________
Message: 5
Date: Fri, 14 Apr 2006 09:01:40 -0700 (PDT)
From: casper <officialbizniz@xxxxxxxxx>
Subject: Re: IPCfg - Win98
Ken, have you tried using WinsockFix?
Ken Hollingsworth <kenholl@xxxxxxxxx> wrote:
I'm attempting to clean out an old eMachine with Win 98
on it. When I got it, it would connect to the net, and other computers on
my LAN. The complaint was viruses, and a general tune-up, updates, etc....
I downloaded many Windows updates, downloaded
AVG free, and at some point in that process, and after
rebooting many times - I now get an error when I try to
connect - IPCfgDLL.DLL is linked to missing Wsock32.DLL -
I find both files in place in the /Windows/system folder where they are
supposed to be. Even though I can't connect to the net - I can connect to
the LAN sporadically - sometimes not.
The machine had 64mb of Ram, and I added 64 - it now runs pretty good,
other than failing to connect to the net.
Any suggestions before I re-install 98? I don't think the machine is
strong enough for XP.
Ken Hollingsworth
Don't mistreat any foreigners who live in your land. Instead, treat them as
well as you treat citizens and love them as much as you love
yourself....[Thus says] the Lord your God.
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+
countries) for 2¢/min or less.
[Non-text portions of this message have been removed]
________________________________________________________________________
________________________________________________________________________
Message: 6
Date: Fri, 14 Apr 2006 08:10:03 -0500
From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx>
Subject: Re: {OT} Re: Windows ME
Christopher,
Interesting tale on the car. I've had somewhat the same happen to me, but
that's another story.
Be sure I'll never use this technician again. I've owned computers since
1989 and have never needed any work done ever. Oh sure, I've had hard
drives die, but I was able to replace them myself. In fact, I've done all
installations of memory, tape drive, slave hard drives, etc. myself. This
was just a case of where I know it was something beyond my "expertise." I
should have taken it to Best Buy.
Thanks for your input.
Peter
----- Original Message -----
From: <CHRIS-JO-ANN-SPILKER@xxxxxxxxxxxxxxxx>
To: <mycomputerheadaches@xxxxxxxxxxxxxxx>
Sent: Friday, April 14, 2006 6:42 AM
Subject: Re: [MCH] {OT} Re: Windows ME
Hi,
This is off topic a bit ...
You said:
"He stated that my floppy disk drive wasn't even connected. Gee, that's
funny; I just used it less than a week ago."
Reminds me of an instance sometime ago with my wife's car inspection
{required annually}. I waited while the car was inspected. The mechanic {and
also owner} failed the car based on worn brake pads on the front wheels. I
had only replaced them {myself} 7 months prior. He knew I worked on my own
cars. Suspecting that I would replace them myself, he warned me that
replacing the front brake pads on ABS {Antilocking Braking System} could be
tricky and required one specialty tool. I thanked him, left and never went
back to him. MY WIFE'S CAR DOES NOT HAVE AN ABS SYSTEM!
Took my car to another garage down the street {same day} and it passed
with no troubles. Asked mechanic about state of the front brake pads and he
said they are practically new.
I have never gone back to the first garage and have warned others of
his practices.
I repair computers for a living and would advise you to find another
computer technician.
Kind regards,
Christopher J. Spilker
-------------- Original message ----------------------
From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx>
> Thanks, Vince, for your input. The more I think about this situation, the
> madder I get. I should have suspected something when he first opened up
the
> computer. He stated that my floppy disk drive wasn't even connected.
Gee,
> that's funny; I just used it less than a week ago. I know I should have
> said something when he started messing with my settings, but it was all
done
> before I could get a word in. Not only that, he went into msconfig and
> disabled the option where scandisk runs after a bad shutdown. I
immediately
> went back in a changed it back.
>
> I'm a bit more conservative than you with respect to energy usage, etc. I
> have my monitor shut off after 5 minutes (I don't use screen saver); hard
> disk off after 15 minutes; and system standby after 30 minutes.
>
> Thanks again for your input.
>
> Peter
==MOD RULE: Delete this line & everything below it when responding.==
http://groups.yahoo.com/group/mycomputerheadaches/messages
Yahoo! Groups Links
________________________________________________________________________
________________________________________________________________________
Message: 7
Date: Fri, 14 Apr 2006 16:07:59 -0000
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
Subject: Re: IE pages flipping while surfing?
Annie, are you telling us that if there are 3 open browsers, the one
you click gets buried by the other two browsers and instead of
showing the clicked browsers, the other two get on top instead?
--- In mycomputerheadaches@xxxxxxxxxxxxxxx, Richard Wampler
<rtwamps@...> wrote:
>
Annie,
This happens to me too. Not constant or consistent rather
occasionally. I can not figure when or why it happens. On the days
or times it happens it just keeps happening. Maybe memory related?
As in how long the pc has been on (time wise)?
rick
>
> >I know it sounds weird but I will try to explain. Ok I just
opened this window (<http://groups.yaho.com.....)
http://groups.yaho.com.....) in IE and the windows page flipped to
another IE open. Seems like the page I started viewing ends up 3
pages away and I have to alt + tab til I find my original page...
Does that make sense? It happens all the time.
--- In mycomputerheadaches@xxxxxxxxxxxxxxx, foofaraw in the middle
<foofaraw_in_the_middle@> wrote:
I still do not understand what she meant by "pages flipping". Annie?
Please we need more info.
________________________________________________________________________
________________________________________________________________________
Message: 8
Date: Fri, 14 Apr 2006 16:23:49 -0000
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
Subject: Re: Does anyone use YDS - yahoo desktop search??
Although you may find YDS to be a nice program, it is somewhat CPU-
intensive while indexing. However, running it in low priority mode
maybe able to fix this. Just launch Task Manager and look for YDS in
Processes tab and rightclick it, then choose "Set Priority". Then
finally choose LOW. Have you tried using Copernic Desktop Search
instead? It seems to be a lot less buggy than any other similar
program in its genre and far more superior in other features. Personal
CDS is free.
--- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Annie" <cosmaann@...>
wrote:
I can't find any help from their forum or any forum and I love YDS but
it does freeze a lot etc......
Annie
________________________________________________________________________
________________________________________________________________________
Message: 9
Date: Fri, 14 Apr 2006 16:36:54 -0000
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
Subject: Re: Windows ME
You mean you are setting your PC to standby or hibernate?
--- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Peter Churukian"
<petervc@...> wrote:
>
> Thanks, Tom, for the reply. Well, it's too late now. He's come
and gone, and, yes, it was the power supply.
I do have another question, though. This guy didn't like my 'screen
saver' settings, where I had my hard disk turn off after a certain
length of time.
He said it's hard on the drive (no pun intended) and that I should
just let the thing keep running. I usually turn my computer on in
the morning, then check email, etc. I leave it on, then check back
every hour or so for new emails, etc. Any thoughts?
Thanks.
Peter
----- Original Message -----
> From: "T. Hunt" <roversouth@...>
> To: <mycomputerheadaches@xxxxxxxxxxxxxxx>
> Sent: Thursday, April 13, 2006 1:00 PM
> Subject: Re: [MCH] Windows ME
>
>
>
> Yeah, I believe I'd look elsewhere for tech support. WindowsME is
> perfectly capable of running AV programs and being protected, just
like
> any other Windows OS. WindowsME, however, is built on the Win98
> platform that is by design less secure than Win2K or WinXP. There
is
> essentially no security in the Windows ME operating system.
>
> The load 'pop' could very well be the power supply. You will need
to
> make sure of the type of power connectors so that the power supply
is
> replaced with one that is compatible with that motherboard. Not a
> difficult task but one that has to be done right.
>
> Tom
Peter Churukian wrote:
I need a little clarification before I make an "argument" to a
computer tech. I have a somewhat aged Gateway 1.5 Ghz computer with
Windows ME (ca.5 yrs old). It works fine and suits my purposes,
that is until earlier today. I heard a loud "pop" and the
unit "died." My non-technical mind feels it must be something to
due to the power supply. I called a local tech, and when he heard I
had Windows ME, he was reluctant to make an attempt to fix. In fact
he said to junk my machine and get a new one. His reason was that I
won't be able to get antivirus software to protect it. I currently
have Norton Internet Security 2005, and it seems to work fine. (I
know; I know; anything Norton is not cool, but it serves me well.)
I convinced him to come tomorrow anyway to see if he can get my
computer up and running again.
My question is: is there any truth to this person's argument that
one can't protect Windows ME machines from viruses?
If anyone is wondering, I writing and sending this note on my newer
laptop (which has Windows XP Home).
Thank you.
Peter
________________________________________________________________________
________________________________________________________________________
Message: 10
Date: Fri, 14 Apr 2006 10:05:14 -0700 (PDT)
From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx>
Subject: [SA19631] Firefox Multiple Vulnerabilities
Secunia Security Advisories
TITLE:
Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA19631
VERIFY ADVISORY:
http://secunia.com/advisories/19631/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive
information, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 0.x
http://secunia.com/product/3256/
Mozilla Firefox 1.x
http://secunia.com/product/4227/
DESCRIPTION:
Multiple vulnerabilities have been reported in Firefox, which can be
exploited by malicious people to conduct cross-site scripting and phishing
attacks, bypass certain security restrictions, disclose sensitive
information, and potentially compromise a user's system.
1) An error exists where JavaScript can be injected into another page,
which is currently loading. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an arbitrary site.
2) An error in the garbage collection in the JavaScript engine can be
exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
3) A boundary error in the CSS border rendering implementation may be
exploited to write past the end of an array.
4) An integer overflow in the handling of overly long regular expressions
in JavaScript may be exploited to execute arbitrary JavaScript bytecode.
5) Two errors in the handling of "-moz-grid" and "-moz-grid-group" display
styles may be exploited to execute arbitrary code.
6) An error in the "InstallTrigger.install()" method can be exploited to
cause a memory corruption.
7) An unspecified error can be exploited to spoof the secure lock icon and
the address bar by changing the location of a pop-up window in certain
situations.
Successful exploitation requires that the "Entering secure site" dialog has
been enabled (not enabled by default).
8) It is possible to trick users into downloading malicious files via the
"Save image as..." menu option.
9) A JavaScript function created via an "eval()" call associated with a
method of an XBL binding may be compiled with incorrect privileges.
This can be exploited to execute arbitrary code.
10) An error where the "Object.watch()" method exposes the internal "clone
parent" function object can be exploited to execute arbitrary JavaScript
code with escalated privileges.
Successful exploitation allows execution of arbitrary code.
11) An error in the protection of the compilation scope of built-in
privileged XBL bindings can be exploited to execute arbitrary JavaScript
code with escalated privileges.
Successful exploitation allows execution of arbitrary code.
12) An unspecified error can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an arbitrary site via
the window.controllers array.
13) An error in the processing of a certain sequence of HTML tags can be
exploited to cause a memory corruption.
Successful exploitation allows execution of arbitrary code.
14) An error in the "valueOf.call()" and "valueOf.apply()" methods can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of an arbitrary site.
15) Some errors in the DHTML implementation can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
16) An integer overflow error in the processing of the CSS letter-spacing
property can be exploited to cause a heap-based buffer overflow.
Successful exploitation allows execution of arbitrary code.
17) An error in the handling of file upload controls can be exploited to
upload arbitrary files from a user's system by e.g. dynamically changing a
text input box to a file upload control.
18) An unspecified error in the "crypto.generateCRMFRequest()" method can
be exploited to execute arbitrary code.
19) An error in the handling of scripts in XBL controls can be exploited to
gain chrome privileges via the "Print Preview" functionality.
20) An error in a security check in the "js_ValueToFunctionObject()" method
can be exploited to execute arbitrary code via "setTimeout()" and "ForEach".
21) An error in the interaction between XUL content windows and the history
mechanism can be exploited to trick users into interacting with a browser
user interface which is not visible.
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Update to versions 1.0.8 or 1.5.0.2.
http://www.mozilla.com/firefox/
PROVIDED AND/OR DISCOVERED BY:
1, 9, 10, 12, 18, 20) shutdown
2) Igor Bukanov
3) Bernd Mielke
4) Alden D'Souza
5) Martijn Wargers
6) Bob Clary
7) Tristor
8) Michael Krax
11, 14, 21) moz_bug_r_a4
13, 16) TippingPoint and the Zero Day Initiative
17) Claus Jørgensen and Jesse Ruderman
19) Georgi Guninski
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
http://www.mozilla.org/security/announce/2006/mfsa2006-18.html
http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
http://www.mozilla.org/security/announce/2006/mfsa2006-29.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help everybody
keeping their systems up to date against the latest vulnerabilities.
My Computer Headaches Forums
http://mycomputerheadaches.tz4.com
The latest addition to MCH family (Free, requires registration)
My Computer Headaches Yahoogroup
.... celebrating its 3rd Year Anniversary.
http://groups.yahoo.com/group/mycomputerheadaches/
---------------------------------
Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo!
Messenger with Voice.
[Non-text portions of this message have been removed]
________________________________________________________________________
________________________________________________________________________
Message: 11
Date: Fri, 14 Apr 2006 10:06:49 -0700 (PDT)
From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx>
Subject: [SA19631] Firefox Multiple Vulnerabilities
Secunia Security Advisories
TITLE:
Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA19631
VERIFY ADVISORY:
http://secunia.com/advisories/19631/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive
information, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 0.x
http://secunia.com/product/3256/
Mozilla Firefox 1.x
http://secunia.com/product/4227/
DESCRIPTION:
Multiple vulnerabilities have been reported in Firefox, which can be
exploited by malicious people to conduct cross-site scripting and phishing
attacks, bypass certain security restrictions, disclose sensitive
information, and potentially compromise a user's system.
1) An error exists where JavaScript can be injected into another page,
which is currently loading. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an arbitrary site.
2) An error in the garbage collection in the JavaScript engine can be
exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
3) A boundary error in the CSS border rendering implementation may be
exploited to write past the end of an array.
4) An integer overflow in the handling of overly long regular expressions
in JavaScript may be exploited to execute arbitrary JavaScript bytecode.
5) Two errors in the handling of "-moz-grid" and "-moz-grid-group" display
styles may be exploited to execute arbitrary code.
6) An error in the "InstallTrigger.install()" method can be exploited to
cause a memory corruption.
7) An unspecified error can be exploited to spoof the secure lock icon and
the address bar by changing the location of a pop-up window in certain
situations.
Successful exploitation requires that the "Entering secure site" dialog has
been enabled (not enabled by default).
8) It is possible to trick users into downloading malicious files via the
"Save image as..." menu option.
9) A JavaScript function created via an "eval()" call associated with a
method of an XBL binding may be compiled with incorrect privileges.
This can be exploited to execute arbitrary code.
10) An error where the "Object.watch()" method exposes the internal "clone
parent" function object can be exploited to execute arbitrary JavaScript
code with escalated privileges.
Successful exploitation allows execution of arbitrary code.
11) An error in the protection of the compilation scope of built-in
privileged XBL bindings can be exploited to execute arbitrary JavaScript
code with escalated privileges.
Successful exploitation allows execution of arbitrary code.
12) An unspecified error can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an arbitrary site via
the window.controllers array.
13) An error in the processing of a certain sequence of HTML tags can be
exploited to cause a memory corruption.
Successful exploitation allows execution of arbitrary code.
14) An error in the "valueOf.call()" and "valueOf.apply()" methods can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of an arbitrary site.
15) Some errors in the DHTML implementation can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
16) An integer overflow error in the processing of the CSS letter-spacing
property can be exploited to cause a heap-based buffer overflow.
Successful exploitation allows execution of arbitrary code.
17) An error in the handling of file upload controls can be exploited to
upload arbitrary files from a user's system by e.g. dynamically changing a
text input box to a file upload control.
18) An unspecified error in the "crypto.generateCRMFRequest()" method can
be exploited to execute arbitrary code.
19) An error in the handling of scripts in XBL controls can be exploited to
gain chrome privileges via the "Print Preview" functionality.
20) An error in a security check in the "js_ValueToFunctionObject()" method
can be exploited to execute arbitrary code via "setTimeout()" and "ForEach".
21) An error in the interaction between XUL content windows and the history
mechanism can be exploited to trick users into interacting with a browser
user interface which is not visible.
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Update to versions 1.0.8 or 1.5.0.2.
http://www.mozilla.com/firefox/
PROVIDED AND/OR DISCOVERED BY:
1, 9, 10, 12, 18, 20) shutdown
2) Igor Bukanov
3) Bernd Mielke
4) Alden D'Souza
5) Martijn Wargers
6) Bob Clary
7) Tristor
8) Michael Krax
11, 14, 21) moz_bug_r_a4
13, 16) TippingPoint and the Zero Day Initiative
17) Claus Jørgensen and Jesse Ruderman
19) Georgi Guninski
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
http://www.mozilla.org/security/announce/2006/mfsa2006-18.html
http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
http://www.mozilla.org/security/announce/2006/mfsa2006-29.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help everybody
keeping their systems up to date against the latest vulnerabilities.
My Computer Headaches Forums
http://mycomputerheadaches.tz4.com
The latest addition to MCH family (Free, requires registration)
My Computer Headaches Yahoogroup
.... celebrating its 3rd Year Anniversary.
http://groups.yahoo.com/group/mycomputerheadaches/
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save
big.
[Non-text portions of this message have been removed]
________________________________________________________________________
________________________________________________________________________
Message: 12
Date: Fri, 14 Apr 2006 10:08:09 -0700 (PDT)
From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx>
Subject: [SA19649] Mozilla SeaMonkey Multiple Vulnerabilities
Secunia Security Advisories
TITLE:
Mozilla SeaMonkey Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA19649
VERIFY ADVISORY:
http://secunia.com/advisories/19649/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Mozilla SeaMonkey 1.x
http://secunia.com/product/9126/
DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can
be exploited by malicious people to bypass certain security restrictions,
disclose sensitive information, and compromise a user's system.
For more information, see vulnerabilities #15, #16, #17, #18, #19, #20, and
#21 in:
SA19631
SOLUTION:
Update to version 1.0.1.
http://www.mozilla.org/projects/seamonkey/
OTHER REFERENCES:
SA19631:
http://secunia.com/advisories/19631/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help everybody
keeping their systems up to date against the latest vulnerabilities.
My Computer Headaches Forums
http://mycomputerheadaches.tz4.com
The latest addition to MCH family (Free, requires registration)
My Computer Headaches Yahoogroup
.... celebrating its 3rd Year Anniversary.
http://groups.yahoo.com/group/mycomputerheadaches/
---------------------------------
Love cheap thrills? Enjoy PC-to-Phone calls to 30+ countries for just
2¢/min with Yahoo! Messenger with Voice.
[Non-text portions of this message have been removed]
________________________________________________________________________
________________________________________________________________________
Message: 13
Date: Fri, 14 Apr 2006 10:30:52 -0700
From: "Ken Hollingsworth" <kenholl@xxxxxxxxx>
Subject: Re: IPCfg - Win98
Thanks Casper. I hadn't heard of that one, and I'm sorry to say,
it didn't do anything when I just tried it.
Ken
On 4/14/06, casper <officialbizniz@xxxxxxxxx> wrote:
> Ken, have you tried using WinsockFix?
>
>
>
>
> Ken Hollingsworth <kenholl@xxxxxxxxx> wrote:
> I'm attempting to clean out an old eMachine with Win 98
> on it. When I got it, it would connect to the net, and other computers
on my LAN. The complaint was viruses, and a general tune-up, updates,
etc....
>
> I downloaded many Windows updates, downloaded
> AVG free, and at some point in that process, and after
> rebooting many times - I now get an error when I try to
> connect - IPCfgDLL.DLL is linked to missing Wsock32.DLL -
>
> I find both files in place in the /Windows/system folder where they are
supposed to be. Even though I can't connect to the net - I can connect to
the LAN sporadically - sometimes not.
>
> The machine had 64mb of Ram, and I added 64 - it now runs pretty good,
other than failing to connect to the net.
> Any suggestions before I re-install 98? I don't think the machine is
strong enough for XP.
>
> Ken Hollingsworth
>
>
>
>
> Don't mistreat any foreigners who live in your land. Instead, treat them
as well as you treat citizens and love them as much as you love
yourself....[Thus says] the Lord your God.
>
> ---------------------------------
> Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+
countries) for 2¢/min or less.
>
> [Non-text portions of this message have been removed]
>
>
>
> ==MOD RULE: Delete this line & everything below it when responding.==
> http://groups.yahoo.com/group/mycomputerheadaches/messages
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>
________________________________________________________________________
________________________________________________________________________
Message: 14
Date: Fri, 14 Apr 2006 13:38:09 -0500
From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx>
Subject: Re: Windows ME
I'm setting it to standby. I don't think there is a hibernate feature on
Windows ME.
----- Original Message -----
From: "officialbizniz" <officialbizniz@xxxxxxxxx>
To: <mycomputerheadaches@xxxxxxxxxxxxxxx>
Sent: Friday, April 14, 2006 11:36 AM
Subject: Re: [MCH] Windows ME
You mean you are setting your PC to standby or hibernate?
--- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Peter Churukian"
<petervc@...> wrote:
>
> Thanks, Tom, for the reply. Well, it's too late now. He's come
and gone, and, yes, it was the power supply.
I do have another question, though. This guy didn't like my 'screen
saver' settings, where I had my hard disk turn off after a certain
length of time.
He said it's hard on the drive (no pun intended) and that I should
just let the thing keep running. I usually turn my computer on in
the morning, then check email, etc. I leave it on, then check back
every hour or so for new emails, etc. Any thoughts?
Thanks.
Peter
----- Original Message -----
> From: "T. Hunt" <roversouth@...>
> To: <mycomputerheadaches@xxxxxxxxxxxxxxx>
> Sent: Thursday, April 13, 2006 1:00 PM
> Subject: Re: [MCH] Windows ME
>
>
>
> Yeah, I believe I'd look elsewhere for tech support. WindowsME is
> perfectly capable of running AV programs and being protected, just
like
> any other Windows OS. WindowsME, however, is built on the Win98
> platform that is by design less secure than Win2K or WinXP. There
is
> essentially no security in the Windows ME operating system.
>
> The load 'pop' could very well be the power supply. You will need
to
> make sure of the type of power connectors so that the power supply
is
> replaced with one that is compatible with that motherboard. Not a
> difficult task but one that has to be done right.
>
> Tom
Peter Churukian wrote:
I need a little clarification before I make an "argument" to a
computer tech. I have a somewhat aged Gateway 1.5 Ghz computer with
Windows ME (ca.5 yrs old). It works fine and suits my purposes,
that is until earlier today. I heard a loud "pop" and the
unit "died." My non-technical mind feels it must be something to
due to the power supply. I called a local tech, and when he heard I
had Windows ME, he was reluctant to make an attempt to fix. In fact
he said to junk my machine and get a new one. His reason was that I
won't be able to get antivirus software to protect it. I currently
have Norton Internet Security 2005, and it seems to work fine. (I
know; I know; anything Norton is not cool, but it serves me well.)
I convinced him to come tomorrow anyway to see if he can get my
computer up and running again.
My question is: is there any truth to this person's argument that
one can't protect Windows ME machines from viruses?
If anyone is wondering, I writing and sending this note on my newer
laptop (which has Windows XP Home).
Thank you.
Peter
==MOD RULE: Delete this line & everything below it when responding.==
http://groups.yahoo.com/group/mycomputerheadaches/messages
Yahoo! Groups Links
________________________________________________________________________
________________________________________________________________________
Message: 15
Date: Fri, 14 Apr 2006 17:32:30 -0700 (PDT)
From: Estavi Meilu <estavi2@xxxxxxxxx>
Subject: Re: Windows ME
Doesn't Hibernate apply to laptobs, not Desktops?
Estavi
--- Peter Churukian <petervc@xxxxxxxxxxxxxx> wrote:
> I'm setting it to standby. I don't think there is a
> hibernate feature on
> Windows ME.
>
> ----- Original Message -----
> From: "officialbizniz" <officialbizniz@xxxxxxxxx>
> To: <mycomputerheadaches@xxxxxxxxxxxxxxx>
> Sent: Friday, April 14, 2006 11:36 AM
> Subject: Re: [MCH] Windows ME
>
>
>
>
> You mean you are setting your PC to standby or
> hibernate?
>
>
>
> --- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Peter
> Churukian"
> <petervc@...> wrote:
> >
> > Thanks, Tom, for the reply. Well, it's too late
> now. He's come
> and gone, and, yes, it was the power supply.
> I do have another question, though. This guy didn't
> like my 'screen
> saver' settings, where I had my hard disk turn off
> after a certain
> length of time.
> He said it's hard on the drive (no pun intended) and
> that I should
> just let the thing keep running. I usually turn my
> computer on in
> the morning, then check email, etc. I leave it on,
> then check back
> every hour or so for new emails, etc. Any thoughts?
> Thanks.
> Peter
>
>
>
> ----- Original Message -----
> > From: "T. Hunt" <roversouth@...>
> > To: <mycomputerheadaches@xxxxxxxxxxxxxxx>
> > Sent: Thursday, April 13, 2006 1:00 PM
> > Subject: Re: [MCH] Windows ME
> >
> >
> >
> > Yeah, I believe I'd look elsewhere for tech
> support. WindowsME is
> > perfectly capable of running AV programs and being
> protected, just
> like
> > any other Windows OS. WindowsME, however, is
> built on the Win98
> > platform that is by design less secure than Win2K
> or WinXP. There
> is
> > essentially no security in the Windows ME
> operating system.
> >
> > The load 'pop' could very well be the power
> supply. You will need
> to
> > make sure of the type of power connectors so that
> the power supply
> is
> > replaced with one that is compatible with that
> motherboard. Not a
> > difficult task but one that has to be done right.
> >
> > Tom
>
>
>
> Peter Churukian wrote:
> I need a little clarification before I make an
> "argument" to a
> computer tech. I have a somewhat aged Gateway 1.5
> Ghz computer with
> Windows ME (ca.5 yrs old). It works fine and suits
> my purposes,
> that is until earlier today. I heard a loud "pop"
> and the
> unit "died." My non-technical mind feels it must be
> something to
> due to the power supply. I called a local tech, and
> when he heard I
> had Windows ME, he was reluctant to make an attempt
> to fix. In fact
> he said to junk my machine and get a new one. His
> reason was that I
> won't be able to get antivirus software to protect
> it. I currently
> have Norton Internet Security 2005, and it seems to
> work fine. (I
> know; I know; anything Norton is not cool, but it
> serves me well.)
> I convinced him to come tomorrow anyway to see if he
> can get my
> computer up and running again.
>
> My question is: is there any truth to this person's
> argument that
> one can't protect Windows ME machines from viruses?
> If anyone is wondering, I writing and sending this
> note on my newer
> laptop (which has Windows XP Home).
> Thank you.
> Peter
>
>
>
>
>
>
>
> ==MOD RULE: Delete this line & everything below it
> when responding.==
>
http://groups.yahoo.com/group/mycomputerheadaches/messages
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
________________________________________________________________________
________________________________________________________________________
Message: 16
Date: Fri, 14 Apr 2006 21:28:03 -0500
From: "Wyatt M. Portendt" <wyatt.m.portendt@xxxxxxxxx>
Subject: Re: Windows ME
No, you can protect ME - it's just harder, because it's based on the 9x
architecture and has just too many avenues for viruses to approach. I'd
bet on the power supply. Every time I ever heard that pop, that's what
it was.
Maybe look for another tech. I dislike ME greatly, but I'll work on it.
I hate OE, but I work on that too. I don't work on 95 anymore, but
only because it's pointless.
On or about 4/12/2006 10:33 PM, the one known as Peter Churukian was
rumoured to have uttered...
> I need a little clarification before I make an "argument" to a computer
tech. I have a somewhat aged Gateway 1.5 Ghz computer with Windows ME (ca.
5 yrs old). It works fine and suits my purposes, that is until earlier
today. I heard a loud "pop" and the unit "died." My non-technical mind
feels it must be something to due to the power supply. I called a local
tech, and when he heard I had Windows ME, he was reluctant to make an
attempt to fix. In fact he said to junk my machine and get a new one. His
reason was that I won't be able to get antivirus software to protect it. I
currently have Norton Internet Security 2005, and it seems to work fine.
(I know; I know; anything Norton is not cool, but it serves me well.) I
convinced him to come tomorrow anyway to see if he can get my computer up
and running again.
>
> My question is: is there any truth to this person's argument that one
can't protect Windows ME machines from viruses?
>
> If anyone is wondering, I writing and sending this note on my newer
laptop (which has Windows XP Home).
>
> Thank you.
>
> Peter
________________________________________________________________________
________________________________________________________________________
==MOD RULE: Delete this line & everything below it when responding.==
http://groups.yahoo.com/group/mycomputerheadaches/messages
------------------------------------------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/mycomputerheadaches/
<*> To unsubscribe from this group, send an email to:
mycomputerheadaches-unsubscribe@xxxxxxxxxxxxxxx
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
------------------------------------------------------------------------
see the Yahoo home page
http://groups.yahoo.com/group/mycomputerheadaches/
See the self help page here
//www.freelists.org/cgi-bin/webpage?webpage_id=mch
Other related posts:
- » [mchFree] [MCH] Digest Number 1722
