what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

zoneAdBlock.txt

zoneAdBlock.txt
Posted Nov 20, 2004
Site zonelabs.com

ZoneAlarm Security Suite and ZoneAlarm Pro have been updated to address a vulnerability in their ad-blocking functions.

tags | advisory
SHA-256 | 6cdb000d655e7f0ca7361b33bdc652f24d545c5b63e5cd6664020f90d068fe59

zoneAdBlock.txt

Change Mirror Download


FYI

Zone Labs Ad-Blocking Instability

Overview: ZoneAlarm® Security Suite and ZoneAlarm® Pro have been updated to address a vulnerability in their ad-blocking functions. Specially crafted JavaScript may cause a user's system to become unstable or lock

Date Published: November 18, 2004
Date Last Revised: November 18, 2004

Impact: The ad-blocking feature in Zone Labs products is turned off by default. If this feature has not been enabled, you are not impacted by this vulnerability.

Specially crafted JavaScript placed on a malicious website may cause the software to become unstable and/or lock the system.

This issue presents no other risks to the computer user

Affected Products:

ZoneAlarm Security Suite, ZoneAlarm Pro
Unaffected Products:

No other Zone Labs products are affected by this issue
Description: ZoneAlarm Security Suite and ZoneAlarm Pro provide features to block specific types of advertising from websites. However, using specially crafted JavaScript, a malicious webpage could cause the software or system to lock. This vulnerability requires two specific prerequisites:

Ad-blocking must be enabled
The user must visit a website with malicious Java Script
This vulnerability has been resolved in version 5.5.062 of affected Zone Labs products. Version 5.5.062 was released on November 8, 2004.

Users configured to receive automatic product updates will receive this update automatically. Users configured to receive manual updates should use the Check For Update option – see the Recommended Actions section below.

Recommended Actions: ZoneAlarm Security Suite and ZoneAlarm Pro users will receive the update through a product update.

Users with automatic updates:
You receive the update automatically. No further action is required.

Users with manual updates:
To manually update your Zone Labs software:

Select Overview | Preferences.
In the Check For Update section, click Check For Update.
If neccesary, follow the instructions to update your software.
ZoneAlarm Security Suite and ZoneAlarm Pro versions 5.5.062 and newer are not impacted by this issue.

Related Resources:

Zone Labs Security Response Center:
http://www.zonelabs.com/security
Acknowledgments: Zone Labs would like to thank Nicolas Robillard for reporting this issue.

Contact: Zone Labs customers who are concerned about information contained in this advisory or have additional technical questions may reach our Technical Support team at: http://www.zonelabs.com/support/. To report security issues with Zone Labs products contact security@zonelabs.com.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs Incorporated. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Copyright: ©2004 Zone Labs LLC, A Check Point Company All rights reserved. Zone Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone Labs LLC, A Check Point Company The Zone Labs logo, Check Point Integrity and IMsecure are trademarks of Zone Labs, Inc. Check Point Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC, A Check Point Company All other trademarks are the property of their respective owners.

Any reproduction of this alert other than as an unmodified copy of this file requires authorization from Zone Labs. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Zone Labs LLC, a Check Point Company.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close