Here are some of the most significant bugs from the past week in the BugBlog.
Sony BMG now says it used another digital rights management (DRM) scheme on other music CDs. This software, SunnComm MediaMax 5, also has a bug that may allow for privilege elevation. Sony and SunnComm have provided a patch, but independent security researchers say the patch itself has problems and you shouldn't use it. The list of bad CDs is at http://www.sunncomm.com/support/faq/releases.asp, although it may be more effective to just avoid Sony altogether. The Electronic Frontier Foundation has a FAQ page with many details at http://www.eff.org/IP/DRM/Sony-BMG/mediamaxfaq.php#2.
There is a bug in the newly released Mozilla Firefox 1.5 that may cause it to crash if you visit a malicious website. That site would need to exploit a bug in Firefox's history.dat file, which keeps track of the pages you visited. If you visit a site that has a page with a long topic, you will crash Firefox. To get it working again, you will need to erase its history.dat file, which will be in a user's Documents and Settings folder, in Application\Mozilla\Firefox\Profiles\{active profile}. As a workaround, you could go to Tools, Options, Privacy, History, and set the days history saved to 0.
A bug in the protocol called Internet Key Exchange version 1 will cause vulnerabilities in products from a number of vendors. The key exchange is a method that Internet Security Association and Key Management Protocol (ISAKMP) may use to get computers to authenticate each other over a network. With the bug, a remote attacker may be able to gain access to a computer system. According to US CERT, these vendors may have vulnerable products: Check Point, Cisco, QNX, Stonesoft, and Sun Microsystems. More companies may be added to the list. See http://www.kb.cert.org/vuls/id/226364 for updates.
See the BugBlog for continuing coverage of bugs and other things that go wrong with your computer.







Article comments
1 - Aaman
Is there a fix for the Firefox bug yet? I installed 1.5 recently
2 - Bruce Kratofil
There is no fix yet - but there is some workaround info. That's probably where they will post news of a fix, too.
This isn't going to be a problem at 99.5% of websites - it's just if you happen to visit one where they are intentionally trying to harm their visitors.