1. Apple Releases Safari v3.1.2 for Windows
(News/CERT)

...lorer zone, which may lead to automatic arbitrary code execution a memory corruption issue in the handling of JavaScript arrays by WebKit that may lead to an unexpected application termination or arbi...

2. United States Tax Court Phishing Attack
(News/CERT)

...k to download additional information or documents. If a user clicks on this link, the website attempts to use JavaScript to install a bogus root certificate that is supposedly issued by "VeriSign Trus...

3. Compromised Websites Hosting Malicious JavaScript
(News/CERT)

...ttacks that have compromised a large number of legitimate websites. The compromised websites contain injected JavaScript that attempts to exploit multiple, known vulnerabilities. Users who visit a com...

4. Mozilla Releases Firefox 2.0.0.14
(News/CERT)

Mozilla has released Firefox 2.0.0.14 to address a vulnerability in the JavaScript engine. This vulnerability is due to memory corruption errors during JavaScript garbage collection. Exploitation of t

5. Search Engine IFRAME Injection Attacks
(News/CERT)

...he risk of this and similar attacks:Regularly apply software updates and patches provided by vendors. Disable JavaScript and ActiveX as described in the Securing Your Web Browser document. US-CERT has...

6. Compromised Websites Redirect Users to Malicious Websites
(News/CERT)

...arge number of legitimate websites. The reports indicate that attackers are modifying the sites and embedding JavaScript code. Users who visit one of these infected websites may be unknowingly redirec...

7. Websites Compromised Through SQL Injection
(News/CERT)

...legitimate websites. The reports indicate that attackers are modifying the sites and embedding a reference to JavaScript code. Users who visit one of these infected websites may unknowingly execute ma...

8. Sun Java SE Updates
(News/CERT)

...Parsing Library Sun Alert 233326 - Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges through Java APIs Sun Alert 233327 - Buffer Overflow...

9. Widespread SQL Injection Attacks Compromising Websites
(News/CERT)

...ites across all sectors.  The compromised sites have been modified to include a reference to a malicious JavaScript file. When a user unknowingly visits a compromised site, they are silently re-d...

10. Flash File Cross-Site Scripting Vulnerabilities
(News/CERT)

...lnerable system. The flaws exist in the way that input is validated when passed to embedded ActionsScript and JavaScript in the SWF file. Authoring tools that automatically generate Flash files may in...

11. Google Orkut Worm
(News/CERT)

... visits an infected Orkut profile, the user becomes infected by a "scrap" that references a remote, malicious javascript file (virus.js).US-CERT urges users to take the following preventative measures...