There are some critical patches that need your attention today. Both Adobe and Mozilla released patches addressing critical zero-day vulnerabilities.
Mozilla released patches affecting Firefox, Thunderbird and SeaMonkey. A critical vulnerability (CVE-2010-3765) was discovered with Firefox on Windows XP systems. This vulnerability could result in remote code execution. A patch was released for each of the Mozilla products because Thunderbird and SeaMonkey share the same code base for this vulnerability. The zero-day vulnerability was the only fix in this release.
On 10/21, Adobe released a security advisory (APSA10-04) for Adobe Shockwave Player 22.214.171.1242 and earlier versions. The vulnerability, CVE-2010-3653, could result in remote code execution. At the time of the security advisory release, there were no known attacks against the vulnerability. Adobe updated the advisory yesterday stating this vulnerability has moved to a zero-day vulnerability as there have been reports of attacks in the wild against the vulnerability.
Keep an eye on Adobe’s website for the bulletin release today.
Adobe released the security bulletin for Adobe Shockwave. Shockwave Player 126.96.36.1995 fixes 11 vulnerabilities. More information can be on the bulletin page: APSB10-25.
– Jason Miller