The Mozilla Foundation has release a security updates to address multiple vulnerabilities in Firefox, Thunderbird, Firefox ESR and Netscape Portable Runtime. These updates address vulnerabilities that could allow an attacker to execute arbitrary code, cause denial of service attack or conduct clickjacking attacks.

Updates available include:
• Firefox 30
• Firefox ESR 24.6
• Thunderbird 24.6
• Netscape Portable Runtime 4.10.6

Users and administrators are encouraged to review the Security advisories released from Mozilla Foundation for Firefox, Firefox ESR,Thunderbird and Netscape Portable Runtime to apply the necessary updates.

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Lync and Internet Explorer. These updates address vulnerabilities that could allow remote code execute or denial of service attack.
Users and administrators are encouraged to review the Microsoft Security Bulletin and apply the necessary updates.

Adobe has released security updates for Adobe Flash Player and Air. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.
The following updates are available:
• Adobe Flash Player 14.0.0.125 for Windows, Macintosh and Linux
• Adobe Flash Player 11.2.202.378 for Macintosh and Linux
• Adobe AIR 14.0.0.110 for Windows, Macintosh and Android
• Adobe AIR SDK and Compiler 14.0.0.110 for Windows, Macintosh, Android and iOS
• Adobe AIR SDK 14.0.0.110 for Windows, Macintosh, Android and iOS

Users and administrators are encouraged to review the Adobe Security Bulletin and apply the necessary updates.

Google has release a security updates to address multiple vulnerabilities in chrome and chrome OS, these updates address vulnerabilities that could allow an attacker to take control of the affected system or could cause denial of service attack on targeted system.

Updates available include:
• Chrome 35.0.1916.153 for Windows, Mac and Linux
• Chrome OS 35.0.1916.155 for all Chrome OS devices

Users and administrators are encouraged to review the Google Chrome release blog entries and apply the necessary updates.

TZCERT-2014-03: Vulnerability Alert

OpenSSL Vulnerability by Man in The Middle (MITM) attack

Date of First Release: 09-06-2014

Source: US-CERT, OpenSSL

OS Affected: Fedora Project, FreeBSD Project, Debian GNU/Linux, OpenSSL, Red Hat, Inc., Ubuntu.

Overview: A carefully crafted handshake can be used by an attackers to force the use of weak keying material in OpenSSL SSL/TLS clients and servers.

Description: The OpenSSL Project has released updates for OpenSSL 0.9.8, 1.0.0 and 1.0.1 to fix vulnerabilities that could allow an attacker use weak keying material in OpenSSL SSL/TLS clients and servers.

Impact: The vulnerability when exploited by “Man In The Middle” (MITM) attack, could allow an attacker to decrypt and modify the traffic from the attacked client and server.

Solution: Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

References:

https://www.openssl.org/news/secadv_20140605.txt
http://www.kb.cert.org/vuls/id/978508