Tag: XSS

  • VLC updated to 2.0.7

    VideoLAN Client, the nigh-indispensable open source media player for multiple audio and video formats (MPEG, MPEG-2, MPEG-4, DivX, Ogg, etc.), was updated to version 2.0.7. The new version, a 41.9 megabyte download, adds the following fixes and changes:

    – Fix track selection for PowerPC machines.

    – Fix audio decoding for WMA Pro, MPEG 4 ALS, APE, MLP and ADPCM-IMA4.

    – Fix audio encoding for MP3 and AAC.

    – Numerous translation updates and new Azerbaijani, Kyrgyz, Oriya translations.

    – Fix a memory leak when creating AVI files.

    – Fix two XSS vulnerabilities in the Web UI.

    – Fix memory exhaustion vulnerability in some playlist files.

    – Fix a libVLC crash in OS X port.

    VLC 2.0.7 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

    If you’ve tried the new version and have any feedback to offer, let us know in the comments.

  • Google Chrome 5.0.375.70 out the door

    Google Chrome, Google’s new web browser, just reached version 5.0.375.70 for the Mac. The new version, a 25.2 megabyte download, offers the following changes:

    – Medium: Cross-origin keystroke redirection. Credit to Michal Zalewski of Google Security Team.

    – High: Cross-origin bypass in DOM methods. Credit to Sergey Glazunov.

    – High: Memory error in table layout. Credit to wushi of team509.

    – High: Linux sandbox escape. Credit to Mark Dowd under contract to Google Chrome Security Team.

    – High: Bitmap stale pointer. Credit to Mark Dowd under contract to Google Chrome Security Team.

    – High: Memory corruption in DOM node normalization. Credit to Mark Dowd under contract to Google Chrome Security Team.

    – High: Memory corruption in text transforms. Credit to wushi of team509.

    – Medium: XSS in innerHTML property of textarea. Credit to sirdarckcat of Google Security Team.

    – High: Memory corruption in font handling. Credit: Apple.

    – High: Geolocation events fire after document deletion. Credit to Google Chrome Security Team (Justin Schuh).

    – High: Memory corruption in rendering of list markers. Credit: Apple.

    Google Chrome requires Mac OS X 10.5 or later and an Intel-based Mac to install and run.

    If you’ve played with it and have an opinion, let us know what you think in the comments.

  • Apple releases Safari 5.0 web browser

    Amidst yesterday’s Worldwide Developers Conference announcements, Apple finally released Safari 5.0, the newest version of its web browser. The new version, available here (or via Mac OS X’s Software Update feature), sports the following fixes and changes:

    – Safari Reader: Click on the new Reader icon to view articles on the web in a single, clutter-free page.

    – Improved Performance: Safari 5 executes JavaScript up to 25% faster than Safari 4. Better page caching and DNS prefetching speed up browsing.

    – Bing Search Option: New Bing search option for Safari’s Search Field, in addition to Google and Yahoo!.

    – Improved HTML5 support: Safari supports over a dozen new HTML5 features, including Geolocation, full screen for HTML5 video, closed captions for HTML5 video, new sectioning elements (article, aside, footer, header, hgroup, nav and section), HTML5 AJAX History, EventSource, WebSocket, HTML5 draggable attribute, HTML5 forms validation, and HTML5 Ruby.

    – Safari Developer Tools: A new Timeline Panel in the Web Inspector shows how Safari interacts with a website and identifies areas for optimization. New keyboard shortcuts make it faster to switch between panels.

    – Smarter Address Field: The Smart Address Field can now match text against the titles of webpages in History and Bookmarks, as well as any part of their URL.

    – Tabs Setting: Automatically open new webpages in tabs instead of in separate windows.

    – Hardware Acceleration for Windows: Use the power of the computer’s graphics processor to smoothly display media and effects on PC as well as Mac.

    – Search History with Date: A new date indicator in Full History Search shows when webpages were viewed.

    – Top Sites/History Button: Switch easily between Top Sites and Full History Search with a new button that appears at the top of each view.

    – Private Browsing Icon: A “Private” icon appears in the Smart Address Field when Private Browsing is on. Click on the icon to turn off Private Browsing.

    – DNS Prefetching: Safari looks up the addresses of links on webpages and can load those pages faster.

    – Improved Page Caching: Safari can add additional types of webpages to the cache so they load quickly.

    – XSS Auditor: Safari can filter potentially malicious scripts used in cross-site scripting (XSS) attacks.

    – Improved JavaScript Support: Safari allows web applications that use JavaScript Object Notation (JSON) to run faster and more securely.

    Safari 5.0 requires Mac OS X 10.5.8 (under Mac OS X 10.5) or Mac OS X 10.6.2 (under Mac OS X 10.6) or later to install and run and is available for free.