
List:       bugtraq
Subject:    Zone Labs Ad-Blocking Instability
From:       Nicolas Robillard <nicolas.robillard () snclavalin ! com>
Date:       2004-11-18 22:50:01
Message-ID: 20041118225001.13429.qmail () www ! securityfocus ! com



FYI

Zone Labs Ad-Blocking Instability

Overview: ZoneAlarm® Security Suite and ZoneAlarm® Pro have been updated to address a vulnerability in their ad-blocking functions. Specially crafted JavaScript may cause a user's system to become unstable or lock

Date Published: November 18, 2004
Date Last Revised: November 18, 2004

Impact: The ad-blocking feature in Zone Labs products is turned off by default. If this feature has not been enabled, you are not impacted by this vulnerability.

Specially crafted JavaScript placed on a malicious website may cause the software to become unstable and/or lock the system.

This issue presents no other risks to the computer user

Affected Products:

ZoneAlarm Security Suite, ZoneAlarm Pro

Unaffected Products:

No other Zone Labs products are affected by this issue

Description: ZoneAlarm Security Suite and ZoneAlarm Pro provide features to block specific types of advertising from websites. However, using specially crafted JavaScript, a malicious webpage could cause the software or system to lock. This vulnerability requires two specific prerequisites:

Ad-blocking must be enabled
The user must visit a website with malicious JavaScript

This vulnerability has been resolved in version 5.5.062 of affected Zone Labs products. Version 5.5.062 was released on November 8, 2004.

Users configured to receive automatic product updates will receive this update automatically. Users configured to receive manual updates should use the Check For Update option – see the Recommended Actions section below.

Recommended Actions: ZoneAlarm Security Suite and ZoneAlarm Pro users will receive the update through a product update.

Users with automatic updates:
You receive the update automatically. No further action is required.

Users with manual updates:
To manually update your Zone Labs software:

Select Overview | Preferences.
In the Check For Update section, click Check For Update.
If necessary, follow the instructions to update your software.

ZoneAlarm Security Suite and ZoneAlarm Pro versions 5.5.062 and newer are not impacted by this issue.

Related Resources:

Zone Labs Security Response Center:
http://www.zonelabs.com/security

Acknowledgments: Zone Labs would like to thank Nicolas Robillard for reporting this issue.

Contact: Zone Labs customers who are concerned about information contained in this advisory or have additional technical questions may reach our Technical Support team at: http://www.zonelabs.com/support/. To report security issues with Zone Labs products contact security@zonelabs.com.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs Incorporated. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Copyright: ©2004 Zone Labs LLC, A Check Point Company All rights reserved. Zone Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone Labs LLC, A Check Point Company The Zone Labs logo, Check Point Integrity and IMsecure are trademarks of Zone Labs, Inc. Check Point Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC, A Check Point Company All other trademarks are the property of their respective owners.

Any reproduction of this alert other than as an unmodified copy of this file requires authorization from Zone Labs. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Zone Labs LLC, a Check Point Company.

