July 2 - 11:20pm EDT   Mozilla on Tuesday posted Firefox 2.0.0.15, an update to its web browser that resolves several vulnerabilities, ranging from several benign problems, to critical bug fixes related to arbitrary code execution and remote control of a user's system. Among the major fixes are MFSA 2008-21, 2008-24, 2008-25, and 2008-33, which resolve crashes when memory is corrupted, Chrome script loading vulnerabilities, arbitrary code execution in a .loadSubScript() command, as well as crashing and remote code execution. [full story]

May 28 - 8:40pm EDT  Apple on Wednesday released dozens of security updates part of its Mac OS X 10.5.3 update for Leopard and Security Update 2008-003(PPC Tiger client, Intel Tiger client, PPC Server, Universal Server) for Mac OS X Tiger, including critical bugs for remote shutdown, arbitrary code execution (multiple including JPG2000 issues), denial of service (via viewing PNG files), private information information disclosure (via SSL, Tiger Mail, Unicode, malicious BMP/GIF files and Image Capture) as well as a critical code execution bug for the continually updated Adobe Flash plugin. Apple also updated its Single Sign-On feature (CVE-ID: CVE-2008-1578) to prevent passwords from being supplied other local users. [full story]