Mozilla Firefox 3.0.3

What’s New in Firefox 3.0.3
Firefox 3.0.3 contains the following changes:
* Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708)
* See the Firefox 3.0.2 release notes for previous changes.

Download: http://www.mozilla.com/en-US/firefox/
Release Notes: http://www.mozilla.com/en-US/firefox/3.0.3/releasenotes/

Mac OS X Java Multiple Vulnerabilities

Description:
Some vulnerabilities have been reported and acknowledged in Java for Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system.

1) An error leading to the use of an uninitialized variable exists in the hash-based Message Authentication Code (HMAC) provider. This can potentially be exploited to execute arbitrary code when a user visits a web page containing a specially crafted java applet.

2) An error in the Java plug-in within the handling of "file://" URLs can be exploited to launch local files when a user visits a web page containing a specially crafted java applet.

Mac OS X 10.4 is reportedly not affected.

3) Some vulnerabilities in Java 1.4.2_16 and Java 1.5.0_13 can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system

Solution:
-- Java for Mac OS X 10.4 --
Update to Release 7:
http://www.apple.com/support/downloads/javaformacosx104release7.html

-- Java for Mac OS X 10.5 --
Apply Update 2:
http://www.apple.com/support/downloads/javaformacosx105update2.html

http://secunia.com/advisories/32018/

Firefox 3.03 update coming soon

A bug, found in yesterday’s Firefox 3.0.2 update, that prevents access to saved passwords that include international characters either in the web address the password is saved for, the login, or the password itself, has prompted planning for a quick Firefox update.

http://mozillalinks.org/wp/2008/09/quick-firefox-update-on-its-way-to-fix-saved-credentials-access-issues/

Malwarebytes' Anti-Malware 1.28

Version 1.28 (September 10th, 2008)

1. (FIXED) Problem with heuristics on Windows 2000.
2. (ADDED) Better malware regeneration prevention on reboot.

http://www.malwarebytes.org/forums/index.php?showtopic=6241&view=findpost&p=27396

Download: http://www.malwarebytes.org/mbam.php

EstDomains declares global war on malware

EstDomains, Inc: Global Struggle Against Malware Distribution

EstDomains, Inc, a US-based domain name Registrar, officially declares opposition to malware mongers in order to protect Internet users from attacks on their computers or stealing of their important data. EstDomains, Inc pays special attention to domain name holders' private data protection and secure money transaction operations. It can be said in all modesty that EstDomains, Inc has succeed in protecting its customers from any possible occurrence of fraudulence or cracking. However, being an eminent member of interactive community, EstDomains, Inc management along with other giants of online industry continues its struggle against malicious software distribution and is giving its best to work out even more efficient solutions for detecting malware sources.

More here (thanks Ferg).

http://feeds.feedburner.com/~r/SunbeltBlog/~3/393608199/estdomains-proclaims-global-war-on.html