Apple, Mozilla, and Sophos - The BugBlog Report 5/15/06
Published May 15, 2006
Apple's Security Update 2006-003 squashes a bug in LaunchServices for Mac OS X 10.4.6 Client and Server. According to Apple, a long file name extension may interfere with Download Validation. This may let an attacker design a file that has unsafe content but appears safe to Mac OS X 10.4, which will then let an application, such as Safari, open the file. The security update does a better job of checking long file name extensions. Security Update 2006-003 includes many more fixes for bugs that may allow an attacker to run hostile code on your computer.
There is a bug in Mozilla Firefox 1.5.0.3, according to the SANS Internet Storm Center. A web page can be designed to trick the function that automatically opens your email program when you click on a mailto: link, so that one click may rapidly open up 100 email windows on your computer, crashing it in a denial of service attack. It does not appear that attackers can use this to run code on your system.
A bug has been found in the Sophos line of anti-virus products. The bug is in the way that Microsoft Cabinet (.CAB) files are unpacked. An attacker may be able to construct a .CAB file in a way that lets them sneak their code onto your computer and then execute it. Sophos has updates available. See the chart at Sophos for information on each product. It does not appear that this flaw has been exploited yet, although now the bad guys know where to look.
- Type: News
- Section: Sci/Tech
- Filed Under: Sci/Tech: Computers, Sci/Tech: Internet, Sci/Tech: Software
- Part of a feature: BugBlog
- Writer: Bruce Kratofil






