Jordi Chancel discovered a spoofing vulnerability of the URL location bar
using the document.location property.
CVE-2009-3984:
Jonathan Morgan discovered that the icon indicating a secure connection
could be spoofed through the document.location property.
CVE-2009-3983:
Takehiro Takahashi discovered that the NTLM implementation is vulnerable
shortcut and menu commands (CVE-2008-4197).
* Lars Kleinschmidt discovered that Opera, when rendering an HTTP
page that has loaded an HTTPS page into a frame, displays a padlock
icon and offers a security information dialog reporting a secure
connection (CVE-2008-4198).
* Opera does not prevent use of links from web pages to feed source
files on the local disk (CVE-2008-4199).
* Opera does not ensure that the address field of a news feed
the destination server.
Impact
------
When using affected versions of the JSCAPE secure FTP applet, users are not
able to identify man-in-the-middle attacks. The supposedly secure connection
is no longer secure. An attacker is able to eavesdrop on the connection in
order to extract username and password or take over the initiated session.
Solution
--------
service. A remote attacker could cause Pidgin to download arbitrary files
and cause a denial of service from memory or disk space exhaustion.
(CVE-2008-2957)
It was discovered that Pidgin did not validate SSL certificates when using a
secure connection. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information. This update alters Pidgin behaviour by asking users to confirm
the validity of a certificate upon initial login. (CVE-2008-3532)
Read more about SSH Host verification:
http://www.securityfocus.com/infocus/1806
Impact
^^^^^^
The supposedly secure connection is no longer secure. n.runs was able to
extract login, password and data with a simple SSH Man in the Middle attack.
Solution:
^^^^^^^^^
Upgrade to version 4.9.0 or above