Monthly Archives: February 2010

CVE-2010-0159 (debian_linux, firefox, seamonkey, thunderbird, ubuntu_linux)

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

CVE-2010-0307 (debian_linux, linux_kernel, ubuntu_linux)

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.

Shmoocon 2010 Podcaster Meetup

Chaos. Intelligent Debate. Shmooball fights. Keg Stands. Educated Opinions.

Thats right get all of that and more when you listen to the audio from the 2010 Shmoocon Podcaster Meetup!

Here's what the press has to say:

"The security podcasters’ meet-up on Saturday night was more like a Motley Crue concert than anything else. The podcasters on stage resembled the head table at a Klingon wedding. But drunken antics conference-wide were minimal, and some decent food for thought came out of the podcasting event despite the rowdiness."

-- Bill Brenner, CSO Online

"The podcasters meetup is like watching a bunch of monkeys fn a football with add!"

-- "@secbarbie"

You be the judge!

Audio Feeds: