Date: Thu, 18 Nov 2004 15:08:41 -0800
From: "Zone Labs Product Security" <Product-Security@...elabs.com>
To: <bugtraq@...urityfocus.com>
Subject: Zone Labs Security Advisory: Ad-Blocking Instability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________

Zone Labs Security Advisory ZL04-019
Zone Labs Ad-Blocking Instability

Date Published                November 18, 2004
Date Last Revised             November 18, 2004

Severity                      Low
____________________________________________________________

Overview
- -------
ZoneAlarm Security Suite and ZoneAlarm Pro have been updated
to address a vulnerability in their ad-blocking functions.
Specially crafted JavaScript may cause a user's system to
become unstable or lock.

Impact
- -----
The ad-blocking feature in Zone Labs products is turned off
by default. If this feature has not been enabled, you are
not impacted by this vulnerability.

Specially crafted JavaScript placed on a malicious website
may cause the software to become unstable and/or lock the
system.

This issue presents no other risks to the computer user.

Affected Products
   o  ZoneAlarm Security Suite, ZoneAlarm Pro

Unaffected Products
   o  No other Zone Labs products are affected by this issue

Description
- ----------
ZoneAlarm Security Suite and ZoneAlarm Pro provide features
to block specific types of advertising from websites.
However, using specially crafted JavaScript, a malicious web
page could cause the software or system to lock.

This vulnerability requires two specific prerequisites:

   o  Ad-blocking must be enabled
   o  The user must view a website with malicious
      JavaScript

This vulnerability has been resolved in version 5.5.062 of
affected Zone Labs products. Version 5.5.062 was released on
November 8, 2004.

Users configured to receive automatic product updates will
receive this update automatically. Users configured to
receive manual updates should use the "Check For Update"
option -- see the Recommended Actions section below.

Recommended Actions
- ------------------
ZoneAlarm Security Suite and ZoneAlarm Pro users will
receive the update through a product update.

   o  Users with automatic updates:
      You receive the update automatically. No further
      action is required.

   o  Users with manual updates:
      To manually update your Zone Labs software:

      1. Select Overview | Preferences.

      2. In the Check For Update section, click
      "Check For Update".

      3. If necessary, follow the instructions to update
      your software.

ZoneAlarm Security Suite and ZoneAlarm Pro versions 5.5.062
and newer are not impacted by this issue.

Related Resources
   o  Zone Labs Security Response Center:
      http://www.zonelabs.com/security

Acknowledgments
Zone Labs would like to thank Nicolas Robillard for
reporting this issue.

Contact
Zone Labs customers may direct vulnerability concerns or
additional technical questions to the Technical Support
group at:

http://www.zonelabs.com/support/

To report security issues with Zone Labs products contact:
security@...elabs.com


Disclaimer
The information in the advisory is believed to be accurate
at the time of publishing based on currently available
information. Use of the information constitutes acceptance
for use in an AS IS condition. There are no warranties with
regard to this information. Neither the author nor the
publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or
reliance on, this information. Zone Labs and Zone Labs
products, are registered trademarks of Zone Labs, LLC.
and/or affiliated companies in the United States and other
countries. All other registered and unregistered trademarks
represented in this document are the sole property of their
respective companies/owners.

Copyright
(C) 2004 Zone Labs LLC. All rights reserved. Zone Labs,
TrueVector, ZoneAlarm, and Cooperative Enforcement are
registered trademarks of Zone Labs, LLC. The Zone Labs logo,
and IMsecure are trademarks of Zone Labs, LLC. Zone Labs
Integrity protected under U.S. Patent No. 5,987,611. Reg.
U.S. Pat. & TM Off. All other trademarks are the property
of their respective owners.

Any reproduction of this alert other than as an unmodified
copy of this file requires authorization from Zone Labs.
Permission to electronically redistribute this alert in its
unmodified form is granted. All other rights, including the
use of other media, are reserved by Zone Labs, LLC.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQZ0q3VDxXw2Is3mLEQLY0wCgj4FTb/bhYWkO5hMkrXyAMqoAsHsAn3Xk
DzdpDDdG2hOHohckhaltdhjT
=KcGb
-----END PGP SIGNATURE-----

