There are 16 messages in this issue. Topics in this digest: 1. Re: Re: Windows ME From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx> 2. Re: {OT} Re: Windows ME From: CHRIS-JO-ANN-SPILKER@xxxxxxxxxxxxxxxx 3. MS April Patch Tuesday UPDATES From: "officialbizniz" <officialbizniz@xxxxxxxxx> 4. IPCfg - Win98 From: "Ken Hollingsworth" <kenholl@xxxxxxxxx> 5. Re: IPCfg - Win98 From: casper <officialbizniz@xxxxxxxxx> 6. Re: {OT} Re: Windows ME From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx> 7. Re: IE pages flipping while surfing? From: "officialbizniz" <officialbizniz@xxxxxxxxx> 8. Re: Does anyone use YDS - yahoo desktop search?? From: "officialbizniz" <officialbizniz@xxxxxxxxx> 9. Re: Windows ME From: "officialbizniz" <officialbizniz@xxxxxxxxx> 10. [SA19631] Firefox Multiple Vulnerabilities From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx> 11. [SA19631] Firefox Multiple Vulnerabilities From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx> 12. [SA19649] Mozilla SeaMonkey Multiple Vulnerabilities From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx> 13. Re: IPCfg - Win98 From: "Ken Hollingsworth" <kenholl@xxxxxxxxx> 14. Re: Windows ME From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx> 15. Re: Windows ME From: Estavi Meilu <estavi2@xxxxxxxxx> 16. Re: Windows ME From: "Wyatt M. Portendt" <wyatt.m.portendt@xxxxxxxxx> ________________________________________________________________________ ________________________________________________________________________ Message: 1 Date: Thu, 13 Apr 2006 23:37:43 -0500 From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx> Subject: Re: Re: Windows ME Thanks, Vince, for your input. The more I think about this situation, the madder I get. I should have suspected something when he first opened up the computer. He stated that my floppy disk drive wasn't even connected. Gee, that's funny; I just used it less than a week ago. I know I should have said something when he started messing with my settings, but it was all done before I could get a word in. Not only that, he went into msconfig and disabled the option where scandisk runs after a bad shutdown. I immediately went back in a changed it back. I'm a bit more conservative than you with respect to energy usage, etc. I have my monitor shut off after 5 minutes (I don't use screen saver); hard disk off after 15 minutes; and system standby after 30 minutes. Thanks again for your input. Peter ----- Original Message ----- From: "Vince" <timechaser@xxxxxxxxxxxxx> To: <mycomputerheadaches@xxxxxxxxxxxxxxx> Sent: Thursday, April 13, 2006 9:52 PM Subject: [MCH] Re: Windows ME Are you sure your guy is a tech or a tech wanna-be. Everyone has their own opinion of what they should do on shutting down systems. The um tech you hired should have atleast consulted with you about why you had your settings they way you do and ask if it was ok to change them. Even if it was important to change them when it comes to personal settings he should have atleast explained his reasons for making the changes. Changing things like that would be like someone coming into your house and changing your theromstat without asking or re-arranging your furniture. As for my opinion here is what I do and why, but again it is just me what you do is up to your own decision. Set screen saver for 10 minutes. Reason if sitting at home at night in the dark when my dark screen saver comes on the room dims and it remindes me that my computer is still on and if I am not going to use it anymore I can go turn it off. Set monitor to go off in 20 minutes. Reason if I don't turn off the computer atleast there will be less burinig of the monitor to wear it our and less energey drain on the system. Set hard drives to shut down in one hour. Reason again if I get busy doing something else maybe even for hours the computer will use less energy and not wear out the hard drive as fast. I replace many hard drives at work because they run non stop and do not shut down after an hour. This is fine during business hours but we don't shut our computers off at night and the hard drives are spinning for atleast 12 hours with no use at all. These drives tend to wear out in just about 2-21/2 years. Once I turn my computer on for the day usually in the evening I will let it run until bed time. At that time I will turn it off. Again to save energy and to keep it clean. The longer it runs the dirtier it gets and the faster it wears out. Just think if you started your car and always left it running so you don't have to start it every time you get in. Yes you will save on the wear and tear of the starter but what about the rest of the car. Again this is just what I do. I know many people that I work on computers for that never turn off the machines and use different settings. It is all just a personal thing. --- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Peter Churukian" <petervc@...> wrote: > > I need a little clarification before I make an "argument" to a computer tech. I have a somewhat aged Gateway 1.5 Ghz computer with Windows ME (ca. 5 yrs old). It works fine and suits my purposes, that is until earlier today. I heard a loud "pop" and the unit "died." My non-technical mind feels it must be something to due to the power supply. I called a local tech, and when he heard I had Windows ME, he was reluctant to make an attempt to fix. In fact he said to junk my machine and get a new one. His reason was that I won't be able to get antivirus software to protect it. I currently have Norton Internet Security 2005, and it seems to work fine. (I know; I know; anything Norton is not cool, but it serves me well.) I convinced him to come tomorrow anyway to see if he can get my computer up and running again. > > My question is: is there any truth to this person's argument that one can't protect Windows ME machines from viruses? > > If anyone is wondering, I writing and sending this note on my newer laptop (which has Windows XP Home). > > Thank you. > > Peter > > > [Non-text portions of this message have been removed] > ==MOD RULE: Delete this line & everything below it when responding.== http://groups.yahoo.com/group/mycomputerheadaches/messages Yahoo! Groups Links ________________________________________________________________________ ________________________________________________________________________ Message: 2 Date: Fri, 14 Apr 2006 11:42:02 +0000 From: CHRIS-JO-ANN-SPILKER@xxxxxxxxxxxxxxxx Subject: Re: {OT} Re: Windows ME Hi, This is off topic a bit ... You said: "He stated that my floppy disk drive wasn't even connected. Gee, that's funny; I just used it less than a week ago." Reminds me of an instance sometime ago with my wife's car inspection {required annually}. I waited while the car was inspected. The mechanic {and also owner} failed the car based on worn brake pads on the front wheels. I had only replaced them {myself} 7 months prior. He knew I worked on my own cars. Suspecting that I would replace them myself, he warned me that replacing the front brake pads on ABS {Antilocking Braking System} could be tricky and required one specialty tool. I thanked him, left and never went back to him. MY WIFE'S CAR DOES NOT HAVE AN ABS SYSTEM! Took my car to another garage down the street {same day} and it passed with no troubles. Asked mechanic about state of the front brake pads and he said they are practically new. I have never gone back to the first garage and have warned others of his practices. I repair computers for a living and would advise you to find another computer technician. Kind regards, Christopher J. Spilker -------------- Original message ---------------------- From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx> > Thanks, Vince, for your input. The more I think about this situation, the > madder I get. I should have suspected something when he first opened up the > computer. He stated that my floppy disk drive wasn't even connected. Gee, > that's funny; I just used it less than a week ago. I know I should have > said something when he started messing with my settings, but it was all done > before I could get a word in. Not only that, he went into msconfig and > disabled the option where scandisk runs after a bad shutdown. I immediately > went back in a changed it back. > > I'm a bit more conservative than you with respect to energy usage, etc. I > have my monitor shut off after 5 minutes (I don't use screen saver); hard > disk off after 15 minutes; and system standby after 30 minutes. > > Thanks again for your input. > > Peter ________________________________________________________________________ ________________________________________________________________________ Message: 3 Date: Fri, 14 Apr 2006 12:43:21 -0000 From: "officialbizniz" <officialbizniz@xxxxxxxxx> Subject: MS April Patch Tuesday UPDATES April MS UPDATES Microsoft released its security software patches for April, addressing an unpatched bug in IE that hackers had been exploiting for several weeks. The five patches addressed a number of critical vulnerabilities in IE and Windows. Microsoft also released an update for Outlook Express, rated "important," and a fix for Windows FrontPage Server Extensions and SharePoint Team Services 2002, rated "moderate." Here's a description of what Microsoft released: http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx The most anticipated part of this month's update is the MS06-013 patch, which fixes several IE bugs, including the "create TextRange ()" vulnerability reported last month. Hackers had been exploiting this problem by installing unauthorized software on PCs accessed after tricking users into visiting sites that took advantage of the bug. The problem was serious enough that security vendors eEye Digital Security and Determina created patches to address it. The patch, which Microsoft does not recommend, was downloaded 156,000 times by Windows users. Microsoft also patched a similarly critical vulnerability in Windows Explorer involving Component Object Model objects. Attackers could take over a system by tricking users into visiting a Web site that would connect them to a remote file server. This remote file server could then cause Windows Explorer to fail in a way that could allow code execution. This vulnerability affects all supported versions of Windows: http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx The third critical fix in April's updates addresses a vulnerability in an ActiveX control, called RDS.Dataspace, which is distributed with the Microsoft Data Access Components. This software is included with the Windows operating system and is typically used by database software. The RDS.Dataspace component problem is rated critical for Windows 98, Windows 2000, and Windows XP. Additionally, a new version of the Malicious Software Removal Tool will also be released to address new malware threats. It will be updated via Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. The anti-malware tool will not be made available using the company's SUS (Software Update Services). Microsoft would also distribute one non-security high-priority update on its Microsoft Update and Windows Server Update Services, but offered no further details of what that release might involve. MS, earlier this week, recommended that many businesses should consider buying degaussing technologies (WHAT???!!!) to wipe computer hard drives clean when they reinstall operating systems in order to recover from malware attacks, particularly when dealing with rootkits infections. MS reps said that rootkits that use cloak malware programs and maintain an undetectable presence on infected machines have increased in popularity among spyware writers. Based on the way many of these pieces of code are built, MS said it may be impossible for IT workers to determine whether or not such rootkits have been fully removed from an infected system. ________________________________________________________________________ ________________________________________________________________________ Message: 4 Date: Fri, 14 Apr 2006 08:33:27 -0700 From: "Ken Hollingsworth" <kenholl@xxxxxxxxx> Subject: IPCfg - Win98 I'm attempting to clean out an old eMachine with Win 98 on it. When I got it, it would connect to the net, and other computers on my LAN. The complaint was viruses, and a general tune-up, updates, etc.... I downloaded many Windows updates, downloaded AVG free, and at some point in that process, and after rebooting many times - I now get an error when I try to connect - IPCfgDLL.DLL is linked to missing Wsock32.DLL - I find both files in place in the /Windows/system folder where they are supposed to be. Even though I can't connect to the net - I can connect to the LAN sporadically - sometimes not. The machine had 64mb of Ram, and I added 64 - it now runs pretty good, other than failing to connect to the net. Any suggestions before I re-install 98? I don't think the machine is strong enough for XP. Ken Hollingsworth ________________________________________________________________________ ________________________________________________________________________ Message: 5 Date: Fri, 14 Apr 2006 09:01:40 -0700 (PDT) From: casper <officialbizniz@xxxxxxxxx> Subject: Re: IPCfg - Win98 Ken, have you tried using WinsockFix? Ken Hollingsworth <kenholl@xxxxxxxxx> wrote: I'm attempting to clean out an old eMachine with Win 98 on it. When I got it, it would connect to the net, and other computers on my LAN. The complaint was viruses, and a general tune-up, updates, etc.... I downloaded many Windows updates, downloaded AVG free, and at some point in that process, and after rebooting many times - I now get an error when I try to connect - IPCfgDLL.DLL is linked to missing Wsock32.DLL - I find both files in place in the /Windows/system folder where they are supposed to be. Even though I can't connect to the net - I can connect to the LAN sporadically - sometimes not. The machine had 64mb of Ram, and I added 64 - it now runs pretty good, other than failing to connect to the net. Any suggestions before I re-install 98? I don't think the machine is strong enough for XP. Ken Hollingsworth Don't mistreat any foreigners who live in your land. Instead, treat them as well as you treat citizens and love them as much as you love yourself....[Thus says] the Lord your God. --------------------------------- Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less. [Non-text portions of this message have been removed] ________________________________________________________________________ ________________________________________________________________________ Message: 6 Date: Fri, 14 Apr 2006 08:10:03 -0500 From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx> Subject: Re: {OT} Re: Windows ME Christopher, Interesting tale on the car. I've had somewhat the same happen to me, but that's another story. Be sure I'll never use this technician again. I've owned computers since 1989 and have never needed any work done ever. Oh sure, I've had hard drives die, but I was able to replace them myself. In fact, I've done all installations of memory, tape drive, slave hard drives, etc. myself. This was just a case of where I know it was something beyond my "expertise." I should have taken it to Best Buy. Thanks for your input. Peter ----- Original Message ----- From: <CHRIS-JO-ANN-SPILKER@xxxxxxxxxxxxxxxx> To: <mycomputerheadaches@xxxxxxxxxxxxxxx> Sent: Friday, April 14, 2006 6:42 AM Subject: Re: [MCH] {OT} Re: Windows ME Hi, This is off topic a bit ... You said: "He stated that my floppy disk drive wasn't even connected. Gee, that's funny; I just used it less than a week ago." Reminds me of an instance sometime ago with my wife's car inspection {required annually}. I waited while the car was inspected. The mechanic {and also owner} failed the car based on worn brake pads on the front wheels. I had only replaced them {myself} 7 months prior. He knew I worked on my own cars. Suspecting that I would replace them myself, he warned me that replacing the front brake pads on ABS {Antilocking Braking System} could be tricky and required one specialty tool. I thanked him, left and never went back to him. MY WIFE'S CAR DOES NOT HAVE AN ABS SYSTEM! Took my car to another garage down the street {same day} and it passed with no troubles. Asked mechanic about state of the front brake pads and he said they are practically new. I have never gone back to the first garage and have warned others of his practices. I repair computers for a living and would advise you to find another computer technician. Kind regards, Christopher J. Spilker -------------- Original message ---------------------- From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx> > Thanks, Vince, for your input. The more I think about this situation, the > madder I get. I should have suspected something when he first opened up the > computer. He stated that my floppy disk drive wasn't even connected. Gee, > that's funny; I just used it less than a week ago. I know I should have > said something when he started messing with my settings, but it was all done > before I could get a word in. Not only that, he went into msconfig and > disabled the option where scandisk runs after a bad shutdown. I immediately > went back in a changed it back. > > I'm a bit more conservative than you with respect to energy usage, etc. I > have my monitor shut off after 5 minutes (I don't use screen saver); hard > disk off after 15 minutes; and system standby after 30 minutes. > > Thanks again for your input. > > Peter ==MOD RULE: Delete this line & everything below it when responding.== http://groups.yahoo.com/group/mycomputerheadaches/messages Yahoo! Groups Links ________________________________________________________________________ ________________________________________________________________________ Message: 7 Date: Fri, 14 Apr 2006 16:07:59 -0000 From: "officialbizniz" <officialbizniz@xxxxxxxxx> Subject: Re: IE pages flipping while surfing? Annie, are you telling us that if there are 3 open browsers, the one you click gets buried by the other two browsers and instead of showing the clicked browsers, the other two get on top instead? --- In mycomputerheadaches@xxxxxxxxxxxxxxx, Richard Wampler <rtwamps@...> wrote: > Annie, This happens to me too. Not constant or consistent rather occasionally. I can not figure when or why it happens. On the days or times it happens it just keeps happening. Maybe memory related? As in how long the pc has been on (time wise)? rick > > >I know it sounds weird but I will try to explain. Ok I just opened this window (<http://groups.yaho.com.....) http://groups.yaho.com.....) in IE and the windows page flipped to another IE open. Seems like the page I started viewing ends up 3 pages away and I have to alt + tab til I find my original page... Does that make sense? It happens all the time. --- In mycomputerheadaches@xxxxxxxxxxxxxxx, foofaraw in the middle <foofaraw_in_the_middle@> wrote: I still do not understand what she meant by "pages flipping". Annie? Please we need more info. ________________________________________________________________________ ________________________________________________________________________ Message: 8 Date: Fri, 14 Apr 2006 16:23:49 -0000 From: "officialbizniz" <officialbizniz@xxxxxxxxx> Subject: Re: Does anyone use YDS - yahoo desktop search?? Although you may find YDS to be a nice program, it is somewhat CPU- intensive while indexing. However, running it in low priority mode maybe able to fix this. Just launch Task Manager and look for YDS in Processes tab and rightclick it, then choose "Set Priority". Then finally choose LOW. Have you tried using Copernic Desktop Search instead? It seems to be a lot less buggy than any other similar program in its genre and far more superior in other features. Personal CDS is free. --- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Annie" <cosmaann@...> wrote: I can't find any help from their forum or any forum and I love YDS but it does freeze a lot etc...... Annie ________________________________________________________________________ ________________________________________________________________________ Message: 9 Date: Fri, 14 Apr 2006 16:36:54 -0000 From: "officialbizniz" <officialbizniz@xxxxxxxxx> Subject: Re: Windows ME You mean you are setting your PC to standby or hibernate? --- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Peter Churukian" <petervc@...> wrote: > > Thanks, Tom, for the reply. Well, it's too late now. He's come and gone, and, yes, it was the power supply. I do have another question, though. This guy didn't like my 'screen saver' settings, where I had my hard disk turn off after a certain length of time. He said it's hard on the drive (no pun intended) and that I should just let the thing keep running. I usually turn my computer on in the morning, then check email, etc. I leave it on, then check back every hour or so for new emails, etc. Any thoughts? Thanks. Peter ----- Original Message ----- > From: "T. Hunt" <roversouth@...> > To: <mycomputerheadaches@xxxxxxxxxxxxxxx> > Sent: Thursday, April 13, 2006 1:00 PM > Subject: Re: [MCH] Windows ME > > > > Yeah, I believe I'd look elsewhere for tech support. WindowsME is > perfectly capable of running AV programs and being protected, just like > any other Windows OS. WindowsME, however, is built on the Win98 > platform that is by design less secure than Win2K or WinXP. There is > essentially no security in the Windows ME operating system. > > The load 'pop' could very well be the power supply. You will need to > make sure of the type of power connectors so that the power supply is > replaced with one that is compatible with that motherboard. Not a > difficult task but one that has to be done right. > > Tom Peter Churukian wrote: I need a little clarification before I make an "argument" to a computer tech. I have a somewhat aged Gateway 1.5 Ghz computer with Windows ME (ca.5 yrs old). It works fine and suits my purposes, that is until earlier today. I heard a loud "pop" and the unit "died." My non-technical mind feels it must be something to due to the power supply. I called a local tech, and when he heard I had Windows ME, he was reluctant to make an attempt to fix. In fact he said to junk my machine and get a new one. His reason was that I won't be able to get antivirus software to protect it. I currently have Norton Internet Security 2005, and it seems to work fine. (I know; I know; anything Norton is not cool, but it serves me well.) I convinced him to come tomorrow anyway to see if he can get my computer up and running again. My question is: is there any truth to this person's argument that one can't protect Windows ME machines from viruses? If anyone is wondering, I writing and sending this note on my newer laptop (which has Windows XP Home). Thank you. Peter ________________________________________________________________________ ________________________________________________________________________ Message: 10 Date: Fri, 14 Apr 2006 10:05:14 -0700 (PDT) From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx> Subject: [SA19631] Firefox Multiple Vulnerabilities Secunia Security Advisories TITLE: Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19631 VERIFY ADVISORY: http://secunia.com/advisories/19631/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access WHERE: From remote SOFTWARE: Mozilla Firefox 0.x http://secunia.com/product/3256/ Mozilla Firefox 1.x http://secunia.com/product/4227/ DESCRIPTION: Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system. 1) An error exists where JavaScript can be injected into another page, which is currently loading. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site. 2) An error in the garbage collection in the JavaScript engine can be exploited to cause a memory corruption. Successful exploitation may allow execution of arbitrary code. 3) A boundary error in the CSS border rendering implementation may be exploited to write past the end of an array. 4) An integer overflow in the handling of overly long regular expressions in JavaScript may be exploited to execute arbitrary JavaScript bytecode. 5) Two errors in the handling of "-moz-grid" and "-moz-grid-group" display styles may be exploited to execute arbitrary code. 6) An error in the "InstallTrigger.install()" method can be exploited to cause a memory corruption. 7) An unspecified error can be exploited to spoof the secure lock icon and the address bar by changing the location of a pop-up window in certain situations. Successful exploitation requires that the "Entering secure site" dialog has been enabled (not enabled by default). 8) It is possible to trick users into downloading malicious files via the "Save image as..." menu option. 9) A JavaScript function created via an "eval()" call associated with a method of an XBL binding may be compiled with incorrect privileges. This can be exploited to execute arbitrary code. 10) An error where the "Object.watch()" method exposes the internal "clone parent" function object can be exploited to execute arbitrary JavaScript code with escalated privileges. Successful exploitation allows execution of arbitrary code. 11) An error in the protection of the compilation scope of built-in privileged XBL bindings can be exploited to execute arbitrary JavaScript code with escalated privileges. Successful exploitation allows execution of arbitrary code. 12) An unspecified error can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site via the window.controllers array. 13) An error in the processing of a certain sequence of HTML tags can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code. 14) An error in the "valueOf.call()" and "valueOf.apply()" methods can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site. 15) Some errors in the DHTML implementation can be exploited to cause a memory corruption. Successful exploitation may allow execution of arbitrary code. 16) An integer overflow error in the processing of the CSS letter-spacing property can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code. 17) An error in the handling of file upload controls can be exploited to upload arbitrary files from a user's system by e.g. dynamically changing a text input box to a file upload control. 18) An unspecified error in the "crypto.generateCRMFRequest()" method can be exploited to execute arbitrary code. 19) An error in the handling of scripts in XBL controls can be exploited to gain chrome privileges via the "Print Preview" functionality. 20) An error in a security check in the "js_ValueToFunctionObject()" method can be exploited to execute arbitrary code via "setTimeout()" and "ForEach". 21) An error in the interaction between XUL content windows and the history mechanism can be exploited to trick users into interacting with a browser user interface which is not visible. Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to versions 1.0.8 or 1.5.0.2. http://www.mozilla.com/firefox/ PROVIDED AND/OR DISCOVERED BY: 1, 9, 10, 12, 18, 20) shutdown 2) Igor Bukanov 3) Bernd Mielke 4) Alden D'Souza 5) Martijn Wargers 6) Bob Clary 7) Tristor 8) Michael Krax 11, 14, 21) moz_bug_r_a4 13, 16) TippingPoint and the Zero Day Initiative 17) Claus Jørgensen and Jesse Ruderman 19) Georgi Guninski ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.mozilla.org/security/announce/2006/mfsa2006-10.html http://www.mozilla.org/security/announce/2006/mfsa2006-11.html http://www.mozilla.org/security/announce/2006/mfsa2006-12.html http://www.mozilla.org/security/announce/2006/mfsa2006-13.html http://www.mozilla.org/security/announce/2006/mfsa2006-14.html http://www.mozilla.org/security/announce/2006/mfsa2006-15.html http://www.mozilla.org/security/announce/2006/mfsa2006-16.html http://www.mozilla.org/security/announce/2006/mfsa2006-17.html http://www.mozilla.org/security/announce/2006/mfsa2006-18.html http://www.mozilla.org/security/announce/2006/mfsa2006-19.html http://www.mozilla.org/security/announce/2006/mfsa2006-20.html http://www.mozilla.org/security/announce/2006/mfsa2006-22.html http://www.mozilla.org/security/announce/2006/mfsa2006-23.html http://www.mozilla.org/security/announce/2006/mfsa2006-24.html http://www.mozilla.org/security/announce/2006/mfsa2006-25.html http://www.mozilla.org/security/announce/2006/mfsa2006-28.html http://www.mozilla.org/security/announce/2006/mfsa2006-29.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. My Computer Headaches Forums http://mycomputerheadaches.tz4.com The latest addition to MCH family (Free, requires registration) My Computer Headaches Yahoogroup .... celebrating its 3rd Year Anniversary. http://groups.yahoo.com/group/mycomputerheadaches/ --------------------------------- Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice. [Non-text portions of this message have been removed] ________________________________________________________________________ ________________________________________________________________________ Message: 11 Date: Fri, 14 Apr 2006 10:06:49 -0700 (PDT) From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx> Subject: [SA19631] Firefox Multiple Vulnerabilities Secunia Security Advisories TITLE: Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19631 VERIFY ADVISORY: http://secunia.com/advisories/19631/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access WHERE: From remote SOFTWARE: Mozilla Firefox 0.x http://secunia.com/product/3256/ Mozilla Firefox 1.x http://secunia.com/product/4227/ DESCRIPTION: Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system. 1) An error exists where JavaScript can be injected into another page, which is currently loading. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site. 2) An error in the garbage collection in the JavaScript engine can be exploited to cause a memory corruption. Successful exploitation may allow execution of arbitrary code. 3) A boundary error in the CSS border rendering implementation may be exploited to write past the end of an array. 4) An integer overflow in the handling of overly long regular expressions in JavaScript may be exploited to execute arbitrary JavaScript bytecode. 5) Two errors in the handling of "-moz-grid" and "-moz-grid-group" display styles may be exploited to execute arbitrary code. 6) An error in the "InstallTrigger.install()" method can be exploited to cause a memory corruption. 7) An unspecified error can be exploited to spoof the secure lock icon and the address bar by changing the location of a pop-up window in certain situations. Successful exploitation requires that the "Entering secure site" dialog has been enabled (not enabled by default). 8) It is possible to trick users into downloading malicious files via the "Save image as..." menu option. 9) A JavaScript function created via an "eval()" call associated with a method of an XBL binding may be compiled with incorrect privileges. This can be exploited to execute arbitrary code. 10) An error where the "Object.watch()" method exposes the internal "clone parent" function object can be exploited to execute arbitrary JavaScript code with escalated privileges. Successful exploitation allows execution of arbitrary code. 11) An error in the protection of the compilation scope of built-in privileged XBL bindings can be exploited to execute arbitrary JavaScript code with escalated privileges. Successful exploitation allows execution of arbitrary code. 12) An unspecified error can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site via the window.controllers array. 13) An error in the processing of a certain sequence of HTML tags can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code. 14) An error in the "valueOf.call()" and "valueOf.apply()" methods can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site. 15) Some errors in the DHTML implementation can be exploited to cause a memory corruption. Successful exploitation may allow execution of arbitrary code. 16) An integer overflow error in the processing of the CSS letter-spacing property can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code. 17) An error in the handling of file upload controls can be exploited to upload arbitrary files from a user's system by e.g. dynamically changing a text input box to a file upload control. 18) An unspecified error in the "crypto.generateCRMFRequest()" method can be exploited to execute arbitrary code. 19) An error in the handling of scripts in XBL controls can be exploited to gain chrome privileges via the "Print Preview" functionality. 20) An error in a security check in the "js_ValueToFunctionObject()" method can be exploited to execute arbitrary code via "setTimeout()" and "ForEach". 21) An error in the interaction between XUL content windows and the history mechanism can be exploited to trick users into interacting with a browser user interface which is not visible. Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to versions 1.0.8 or 1.5.0.2. http://www.mozilla.com/firefox/ PROVIDED AND/OR DISCOVERED BY: 1, 9, 10, 12, 18, 20) shutdown 2) Igor Bukanov 3) Bernd Mielke 4) Alden D'Souza 5) Martijn Wargers 6) Bob Clary 7) Tristor 8) Michael Krax 11, 14, 21) moz_bug_r_a4 13, 16) TippingPoint and the Zero Day Initiative 17) Claus Jørgensen and Jesse Ruderman 19) Georgi Guninski ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.mozilla.org/security/announce/2006/mfsa2006-10.html http://www.mozilla.org/security/announce/2006/mfsa2006-11.html http://www.mozilla.org/security/announce/2006/mfsa2006-12.html http://www.mozilla.org/security/announce/2006/mfsa2006-13.html http://www.mozilla.org/security/announce/2006/mfsa2006-14.html http://www.mozilla.org/security/announce/2006/mfsa2006-15.html http://www.mozilla.org/security/announce/2006/mfsa2006-16.html http://www.mozilla.org/security/announce/2006/mfsa2006-17.html http://www.mozilla.org/security/announce/2006/mfsa2006-18.html http://www.mozilla.org/security/announce/2006/mfsa2006-19.html http://www.mozilla.org/security/announce/2006/mfsa2006-20.html http://www.mozilla.org/security/announce/2006/mfsa2006-22.html http://www.mozilla.org/security/announce/2006/mfsa2006-23.html http://www.mozilla.org/security/announce/2006/mfsa2006-24.html http://www.mozilla.org/security/announce/2006/mfsa2006-25.html http://www.mozilla.org/security/announce/2006/mfsa2006-28.html http://www.mozilla.org/security/announce/2006/mfsa2006-29.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. My Computer Headaches Forums http://mycomputerheadaches.tz4.com The latest addition to MCH family (Free, requires registration) My Computer Headaches Yahoogroup .... celebrating its 3rd Year Anniversary. http://groups.yahoo.com/group/mycomputerheadaches/ --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. [Non-text portions of this message have been removed] ________________________________________________________________________ ________________________________________________________________________ Message: 12 Date: Fri, 14 Apr 2006 10:08:09 -0700 (PDT) From: foofaraw in the middle <foofaraw_in_the_middle@xxxxxxxxx> Subject: [SA19649] Mozilla SeaMonkey Multiple Vulnerabilities Secunia Security Advisories TITLE: Mozilla SeaMonkey Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19649 VERIFY ADVISORY: http://secunia.com/advisories/19649/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Mozilla SeaMonkey 1.x http://secunia.com/product/9126/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system. For more information, see vulnerabilities #15, #16, #17, #18, #19, #20, and #21 in: SA19631 SOLUTION: Update to version 1.0.1. http://www.mozilla.org/projects/seamonkey/ OTHER REFERENCES: SA19631: http://secunia.com/advisories/19631/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. My Computer Headaches Forums http://mycomputerheadaches.tz4.com The latest addition to MCH family (Free, requires registration) My Computer Headaches Yahoogroup .... celebrating its 3rd Year Anniversary. http://groups.yahoo.com/group/mycomputerheadaches/ --------------------------------- Love cheap thrills? Enjoy PC-to-Phone calls to 30+ countries for just 2¢/min with Yahoo! Messenger with Voice. [Non-text portions of this message have been removed] ________________________________________________________________________ ________________________________________________________________________ Message: 13 Date: Fri, 14 Apr 2006 10:30:52 -0700 From: "Ken Hollingsworth" <kenholl@xxxxxxxxx> Subject: Re: IPCfg - Win98 Thanks Casper. I hadn't heard of that one, and I'm sorry to say, it didn't do anything when I just tried it. Ken On 4/14/06, casper <officialbizniz@xxxxxxxxx> wrote: > Ken, have you tried using WinsockFix? > > > > > Ken Hollingsworth <kenholl@xxxxxxxxx> wrote: > I'm attempting to clean out an old eMachine with Win 98 > on it. When I got it, it would connect to the net, and other computers on my LAN. The complaint was viruses, and a general tune-up, updates, etc.... > > I downloaded many Windows updates, downloaded > AVG free, and at some point in that process, and after > rebooting many times - I now get an error when I try to > connect - IPCfgDLL.DLL is linked to missing Wsock32.DLL - > > I find both files in place in the /Windows/system folder where they are supposed to be. Even though I can't connect to the net - I can connect to the LAN sporadically - sometimes not. > > The machine had 64mb of Ram, and I added 64 - it now runs pretty good, other than failing to connect to the net. > Any suggestions before I re-install 98? I don't think the machine is strong enough for XP. > > Ken Hollingsworth > > > > > Don't mistreat any foreigners who live in your land. Instead, treat them as well as you treat citizens and love them as much as you love yourself....[Thus says] the Lord your God. > > --------------------------------- > Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less. > > [Non-text portions of this message have been removed] > > > > ==MOD RULE: Delete this line & everything below it when responding.== > http://groups.yahoo.com/group/mycomputerheadaches/messages > > > > Yahoo! Groups Links > > > > > > > ________________________________________________________________________ ________________________________________________________________________ Message: 14 Date: Fri, 14 Apr 2006 13:38:09 -0500 From: "Peter Churukian" <petervc@xxxxxxxxxxxxxx> Subject: Re: Windows ME I'm setting it to standby. I don't think there is a hibernate feature on Windows ME. ----- Original Message ----- From: "officialbizniz" <officialbizniz@xxxxxxxxx> To: <mycomputerheadaches@xxxxxxxxxxxxxxx> Sent: Friday, April 14, 2006 11:36 AM Subject: Re: [MCH] Windows ME You mean you are setting your PC to standby or hibernate? --- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Peter Churukian" <petervc@...> wrote: > > Thanks, Tom, for the reply. Well, it's too late now. He's come and gone, and, yes, it was the power supply. I do have another question, though. This guy didn't like my 'screen saver' settings, where I had my hard disk turn off after a certain length of time. He said it's hard on the drive (no pun intended) and that I should just let the thing keep running. I usually turn my computer on in the morning, then check email, etc. I leave it on, then check back every hour or so for new emails, etc. Any thoughts? Thanks. Peter ----- Original Message ----- > From: "T. Hunt" <roversouth@...> > To: <mycomputerheadaches@xxxxxxxxxxxxxxx> > Sent: Thursday, April 13, 2006 1:00 PM > Subject: Re: [MCH] Windows ME > > > > Yeah, I believe I'd look elsewhere for tech support. WindowsME is > perfectly capable of running AV programs and being protected, just like > any other Windows OS. WindowsME, however, is built on the Win98 > platform that is by design less secure than Win2K or WinXP. There is > essentially no security in the Windows ME operating system. > > The load 'pop' could very well be the power supply. You will need to > make sure of the type of power connectors so that the power supply is > replaced with one that is compatible with that motherboard. Not a > difficult task but one that has to be done right. > > Tom Peter Churukian wrote: I need a little clarification before I make an "argument" to a computer tech. I have a somewhat aged Gateway 1.5 Ghz computer with Windows ME (ca.5 yrs old). It works fine and suits my purposes, that is until earlier today. I heard a loud "pop" and the unit "died." My non-technical mind feels it must be something to due to the power supply. I called a local tech, and when he heard I had Windows ME, he was reluctant to make an attempt to fix. In fact he said to junk my machine and get a new one. His reason was that I won't be able to get antivirus software to protect it. I currently have Norton Internet Security 2005, and it seems to work fine. (I know; I know; anything Norton is not cool, but it serves me well.) I convinced him to come tomorrow anyway to see if he can get my computer up and running again. My question is: is there any truth to this person's argument that one can't protect Windows ME machines from viruses? If anyone is wondering, I writing and sending this note on my newer laptop (which has Windows XP Home). Thank you. Peter ==MOD RULE: Delete this line & everything below it when responding.== http://groups.yahoo.com/group/mycomputerheadaches/messages Yahoo! Groups Links ________________________________________________________________________ ________________________________________________________________________ Message: 15 Date: Fri, 14 Apr 2006 17:32:30 -0700 (PDT) From: Estavi Meilu <estavi2@xxxxxxxxx> Subject: Re: Windows ME Doesn't Hibernate apply to laptobs, not Desktops? Estavi --- Peter Churukian <petervc@xxxxxxxxxxxxxx> wrote: > I'm setting it to standby. I don't think there is a > hibernate feature on > Windows ME. > > ----- Original Message ----- > From: "officialbizniz" <officialbizniz@xxxxxxxxx> > To: <mycomputerheadaches@xxxxxxxxxxxxxxx> > Sent: Friday, April 14, 2006 11:36 AM > Subject: Re: [MCH] Windows ME > > > > > You mean you are setting your PC to standby or > hibernate? > > > > --- In mycomputerheadaches@xxxxxxxxxxxxxxx, "Peter > Churukian" > <petervc@...> wrote: > > > > Thanks, Tom, for the reply. Well, it's too late > now. He's come > and gone, and, yes, it was the power supply. > I do have another question, though. This guy didn't > like my 'screen > saver' settings, where I had my hard disk turn off > after a certain > length of time. > He said it's hard on the drive (no pun intended) and > that I should > just let the thing keep running. I usually turn my > computer on in > the morning, then check email, etc. I leave it on, > then check back > every hour or so for new emails, etc. Any thoughts? > Thanks. > Peter > > > > ----- Original Message ----- > > From: "T. Hunt" <roversouth@...> > > To: <mycomputerheadaches@xxxxxxxxxxxxxxx> > > Sent: Thursday, April 13, 2006 1:00 PM > > Subject: Re: [MCH] Windows ME > > > > > > > > Yeah, I believe I'd look elsewhere for tech > support. WindowsME is > > perfectly capable of running AV programs and being > protected, just > like > > any other Windows OS. WindowsME, however, is > built on the Win98 > > platform that is by design less secure than Win2K > or WinXP. There > is > > essentially no security in the Windows ME > operating system. > > > > The load 'pop' could very well be the power > supply. You will need > to > > make sure of the type of power connectors so that > the power supply > is > > replaced with one that is compatible with that > motherboard. Not a > > difficult task but one that has to be done right. > > > > Tom > > > > Peter Churukian wrote: > I need a little clarification before I make an > "argument" to a > computer tech. I have a somewhat aged Gateway 1.5 > Ghz computer with > Windows ME (ca.5 yrs old). It works fine and suits > my purposes, > that is until earlier today. I heard a loud "pop" > and the > unit "died." My non-technical mind feels it must be > something to > due to the power supply. I called a local tech, and > when he heard I > had Windows ME, he was reluctant to make an attempt > to fix. In fact > he said to junk my machine and get a new one. His > reason was that I > won't be able to get antivirus software to protect > it. I currently > have Norton Internet Security 2005, and it seems to > work fine. (I > know; I know; anything Norton is not cool, but it > serves me well.) > I convinced him to come tomorrow anyway to see if he > can get my > computer up and running again. > > My question is: is there any truth to this person's > argument that > one can't protect Windows ME machines from viruses? > If anyone is wondering, I writing and sending this > note on my newer > laptop (which has Windows XP Home). > Thank you. > Peter > > > > > > > > ==MOD RULE: Delete this line & everything below it > when responding.== > http://groups.yahoo.com/group/mycomputerheadaches/messages > > > > Yahoo! Groups Links > > > > > > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ________________________________________________________________________ ________________________________________________________________________ Message: 16 Date: Fri, 14 Apr 2006 21:28:03 -0500 From: "Wyatt M. Portendt" <wyatt.m.portendt@xxxxxxxxx> Subject: Re: Windows ME No, you can protect ME - it's just harder, because it's based on the 9x architecture and has just too many avenues for viruses to approach. I'd bet on the power supply. Every time I ever heard that pop, that's what it was. Maybe look for another tech. I dislike ME greatly, but I'll work on it. I hate OE, but I work on that too. I don't work on 95 anymore, but only because it's pointless. On or about 4/12/2006 10:33 PM, the one known as Peter Churukian was rumoured to have uttered... > I need a little clarification before I make an "argument" to a computer tech. I have a somewhat aged Gateway 1.5 Ghz computer with Windows ME (ca. 5 yrs old). It works fine and suits my purposes, that is until earlier today. I heard a loud "pop" and the unit "died." My non-technical mind feels it must be something to due to the power supply. I called a local tech, and when he heard I had Windows ME, he was reluctant to make an attempt to fix. In fact he said to junk my machine and get a new one. His reason was that I won't be able to get antivirus software to protect it. I currently have Norton Internet Security 2005, and it seems to work fine. (I know; I know; anything Norton is not cool, but it serves me well.) I convinced him to come tomorrow anyway to see if he can get my computer up and running again. > > My question is: is there any truth to this person's argument that one can't protect Windows ME machines from viruses? > > If anyone is wondering, I writing and sending this note on my newer laptop (which has Windows XP Home). > > Thank you. > > Peter ________________________________________________________________________ ________________________________________________________________________ ==MOD RULE: Delete this line & everything below it when responding.== http://groups.yahoo.com/group/mycomputerheadaches/messages ------------------------------------------------------------------------ Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/mycomputerheadaches/ <*> To unsubscribe from this group, send an email to: mycomputerheadaches-unsubscribe@xxxxxxxxxxxxxxx <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ ------------------------------------------------------------------------ see the Yahoo home page http://groups.yahoo.com/group/mycomputerheadaches/ See the self help page here //www.freelists.org/cgi-bin/webpage?webpage_id=mch