lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041118225001.13429.qmail@www.securityfocus.com>
Date: 18 Nov 2004 22:50:01 -0000
From: Nicolas Robillard <nicolas.robillard@...lavalin.com>
To: bugtraq@...urityfocus.com
Subject: Zone Labs Ad-Blocking Instability




FYI

Zone Labs Ad-Blocking Instability

Overview: ZoneAlarm® Security Suite and ZoneAlarm® Pro have been updated to address a vulnerability in their ad-blocking functions. Specially crafted JavaScript may cause a user's system to become unstable or lock

Date Published: November 18, 2004
Date Last Revised: November 18, 2004

Impact: The ad-blocking feature in Zone Labs products is turned off by default. If this feature has not been enabled, you are not impacted by this vulnerability.

Specially crafted JavaScript placed on a malicious website may cause the software to become unstable and/or lock the system. 

This issue presents no other risks to the computer user

Affected Products:

ZoneAlarm Security Suite, ZoneAlarm Pro 
Unaffected Products:

No other Zone Labs products are affected by this issue 
Description: ZoneAlarm Security Suite and ZoneAlarm Pro provide features to block specific types of advertising from websites. However, using specially crafted JavaScript, a malicious webpage could cause the software or system to lock. This vulnerability requires two specific prerequisites: 

Ad-blocking must be enabled 
The user must visit a website with malicious Java Script 
This vulnerability has been resolved in version 5.5.062 of affected Zone Labs products. Version 5.5.062 was released on November 8, 2004. 

Users configured to receive automatic product updates will receive this update automatically. Users configured to receive manual updates should use the Check For Update option – see the Recommended Actions section below.

Recommended Actions: ZoneAlarm Security Suite and ZoneAlarm Pro users will receive the update through a product update.

Users with automatic updates:
You receive the update automatically. No further action is required.

Users with manual updates:
To manually update your Zone Labs software:

Select Overview | Preferences. 
In the Check For Update section, click Check For Update. 
If neccesary, follow the instructions to update your software. 
ZoneAlarm Security Suite and ZoneAlarm Pro versions 5.5.062 and newer are not impacted by this issue. 

Related Resources:

Zone Labs Security Response Center:
http://www.zonelabs.com/security 
Acknowledgments: Zone Labs would like to thank Nicolas Robillard for reporting this issue.

Contact: Zone Labs customers who are concerned about information contained in this advisory or have additional technical questions may reach our Technical Support team at: http://www.zonelabs.com/support/. To report security issues with Zone Labs products contact security@...elabs.com.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs Incorporated. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Copyright: ©2004 Zone Labs LLC, A Check Point Company All rights reserved. Zone Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone Labs LLC, A Check Point Company The Zone Labs logo, Check Point Integrity and IMsecure are trademarks of Zone Labs, Inc. Check Point Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC, A Check Point Company All other trademarks are the property of their respective owners.

Any reproduction of this alert other than as an unmodified copy of this file requires authorization from Zone Labs. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Zone Labs LLC, a Check Point Company.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ