Apple, Microsoft, and Mozilla - The BugBlog Report 2/19/07

Here are some of the most significant bugs from the past week in the BugBlog:

Apple's Security Update 2007-002 fixes two bugs in iChat for Mac OS X 10.3.9 and 10.4.8. One bug may let attackers on a local network crash the iChat client. The second may cause iChat to crash or possibly run hostile code, if you visit a malicious website. These bugs were originally reported by the Month of Apple Bugs project.

Now that Microsoft has released a patch for previous zero-day bugs plaguing Microsoft Word, it is time for the bad guys to release new zero-day bugs. Microsoft says they are researching a new bug that may target Word 2000 and Word XP. The vulnerability can only be triggered if you open a maliciously-designed document. Microsoft is tracking this particular bug here.

There is a bug in the way that Mozilla browsers, including Firefox, handle URIs in a webpage with frames. This may allow an opportunity for a cross-site scripting attack, where a user can be tricked into giving information to a malicious website. There is no fix yet. You can see the details at US-CERT. Michal Zalewski is credited with finding this bug.

Article Author: Bruce Kratofil

Bruce Kratofil blogs on bugs and other things that can go wrong with your computer at The BugBlog, and writes about computers and economics at BJK Research

Visit Bruce Kratofil's author page — Bruce Kratofil's Blog