Microsoft, Oracle, and Mozilla Thunderbird — The BugBlog Report

Here are some of the most significant bugs from the past week in the BugBlog:

Microsoft will be re-issuing their MS06-015 security patch, which was released on April 11, 2006, to patch some critical security holes in Windows Explorer. Unfortunately, the patch also caused some major compatibility problems with third-party applications, including the Hewlett-Packard Share-to-Web service, Sunbelt Software's Kerio Personal Firewall, and older drivers for NVIDIA graphics cards. The revised patch is being tested. Look for it around April 25.

Oracle has released a critical patch update that fixes security bugs in many of their products, including: Oracle Database 2,3, 8i, 9i and 10; Enterprise Manager, Application Server, Collaboration Suite, E-Business Suite, and PeopleSoft Enterprise Tools. They have also released a password scanner to look for older Oracle applications that may have been installed with well-known default passwords still in place. Find out more at Oracle's security page.

There is a security bug that may hit Mozilla Thunderbird when you forward mail in-line (instead of as an attachment.) Any JavaScript that is embedded in the message may execute. This will happen if you are use the default HTML editor. You can prevent this by switching to plain text mail composition. Better yet, update to Thunderbird 1.5.0.2, Thunderbird 1.0.8, or the Mozilla Suite 1.7.13 to fix it completely. Mozilla credits Georgi Guninski for finding this bug.

Article Author: Bruce Kratofil

Bruce Kratofil blogs on bugs and other things that can go wrong with your computer at The BugBlog, and writes about computers and economics at BJK Research

Visit Bruce Kratofil's author page — Bruce Kratofil's Blog