SUNYNP Student Computer Help Desk News 
Scheduled Blackboard Maintenance - Wednesday, Nov 4th at 3pm 
Blackboard will be down for scheduled maintenance this Wednesday, November 4th from 3:00pm to 4:30pm. The Blackboard website (blackboard.newpaltz.edu) will not be available during this time. This downtime is required so that we can apply needed operating system and infrastructure updates.
Multiple Vulnerabilities in Mozilla Firefox and SeaMonkey Could Allow Remote Code Execution 
CSCIC ADVISORY NUMBER: 2009-072
DATE(S) ISSUED: 10/28/2009
OVERVIEW:
Multiple vulnerabilities have been discovered in the Mozilla Firefox and Mozilla SeaMonkey applications which could allow remote code execution. Mozilla Firefox is a popular web browser used to access the Internet. Mozilla SeaMonkey is a cross platform Internet suite of tools ranging from a web browser to an email client.
The Mozilla applications (Firefox and SeaMonkey) utilize the same framework to display application specific information (e.g. Web pages, emails, chats). Exploitation can occur if a user visits a webpage or opens a malicious file specifically crafted to take advantage of these vulnerabilities. Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition.
SYSTEMS AFFECTED:
- Mozilla Firefox versions 3.5.3 and earlier
- Mozilla SeaMonkey versions 1.1.17 and earlier
RISK:
Home users: High
DESCRIPTION:
Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla SeaMonkey that could allow an attacker to take complete control of an affected system. Details of these vulnerabilities are:
Form History vulnerable to stealing
An information disclosure vulnerability exists which could allow for the disclosure of history content. The problem occurs because a malicious web page could synthesize mouse movement and key press events to auto-populate form fields with history entries. Information obtained may aid in further attacks.
Crash with Recursive Web-Worker Calls
An arbitrary code execution vulnerability exists due to a recursive creation of JavaScript web-workers. An attacker can exploit this issue to free object memory before it is used. This will likely cause denial-of-service conditions; arbitrary code execution may also be possible.
Crash in Proxy Auto-configuration Regexp Parsing
An arbitrary code execution vulnerability exists due to a flaw in parsing regular expressions used in Proxy Auto-configuration (PAC) files. An attacker can exploit this issue to crash a victim's browser, and possibly run arbitrary code.
Heap Buffer Overflow in GIF Color Map Parser
A heap-buffer overflow vulnerability exists in the GIF color map image parser. An attacker can exploit this issue to execute arbitrary code in the context of the victim running the affected browser.
Chrome Privilege Escalation in XPCVariant::VariantDataToJS()
A privilege-escalation vulnerability affects the XPCOM utility 'XPCVariant::VariantDataToJS()' because it doubly-wraps objects before returning them to chrome callers. An attacker can exploit this issue to execute malicious JavaScript with chrome privileges.
Local Downloaded File Tampering
A local privilege-escalation vulnerability occurs because the browser uses predictable names when downloading and saving files to the ‘Downloads’ folder. An attacker with local access, and knowledge of a file a victim intends to open with Download Manager, could exploit this issue to execute a malicious file in the context of the victim running the affected browser.
Heap Buffer Overflow in String to Number Conversion
A heap-based buffer overflow vulnerability exists in the string to floating point number conversion routines. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page containing specially crafted JavaScript. A successful exploit will result in the execution of arbitrary code on the victim's computer.
Cross-origin Data Theft through document.getSelection()
A cross-domain information disclosure vulnerability occurs because text within a selection on a web page can be read by JavaScript in a different domain using the 'document.getSelection' function.
Download Filename Spoofing with RTL Override
A vulnerability occurs that could allow an attacker to obfuscate the name and file extension of a file to be downloaded. The problem occurs when the file contains a right-to-left override character (RTL) in the filename.
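A defensive check for the right-to-left override issue described above, added here as an example and not part of the CSCIC advisory or Mozilla's fix: it flags Unicode bidirectional control characters in a download filename and compares the extension the operating system acts on with the one a user is likely to see. The function names and the sample filename are constructed for illustration; the check goes beyond the single override character named in the advisory to the other bidi formatting characters, and the display approximation assumes one non-nested override run.

```python
BIDI_CONTROLS = {  # Unicode bidirectional formatting characters
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
RLO, PDF = "\u202e", "\u202c"
SAMPLE = "invoice\u202efdp.exe"  # constructed sample, not taken from the advisory

def extension(name):
    """Lower-cased text after the last dot, or '' when there is no dot."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def approximate_display(name):
    """Rough rendering (assumption: one non-nested RLO run, not full bidi)."""
    shown, run, overriding = [], [], False
    for ch in name:
        if ch == RLO:
            overriding = True
        elif ch == PDF and overriding:
            shown.extend(reversed(run))  # the override run is drawn reversed
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this sketch
        elif overriding:
            run.append(ch)
        else:
            shown.append(ch)
    shown.extend(reversed(run))  # run still open at end of name
    return "".join(shown)

def inspect_filename(name):
    """Report what is stored versus what a user is likely to see."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    return {
        "controls": controls,                # positions and kinds found
        "real_ext": extension(logical),      # what the OS acts on
        "shown_ext": extension(approximate_display(name)),
        "suspicious": bool(controls),        # any bidi control is a red flag
        "safe_name": logical,                # name with controls stripped
    }

if __name__ == "__main__":
    print(inspect_filename(SAMPLE))
    print(inspect_filename("report.pdf"))
```

A mail gateway or download handler can reject or rename any file for which `suspicious` is true and show `safe_name` to the user instead.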
Memory Safety Bugs
A remote code execution vulnerability affects the third-party 'liboggz', 'libvorbis', and 'liboggplay' libraries used in Firefox. This issue can be exploited to cause the browser to crash; arbitrary code execution may also be possible.
Crashes with Evidence of Memory Corruption
Multiple remote memory corruption vulnerabilities affect Firefox. These issues can be exploited to cause the browser to crash and possibly to execute arbitrary code.
Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Install the appropriate vendor patches and upgrades immediately after appropriate testing.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
REFERENCES:
Secunia:
http://secunia.com/advisories/36711/
Security Focus:
http://www.securityfocus.com/bid/36843
Mozilla:
http://www.mozilla.org/security/announce/2009/mfsa2009-52.html
http://www.mozilla.org/security/announce/2009/mfsa2009-53.html
http://www.mozilla.org/security/announce/2009/mfsa2009-54.html
http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383
NPMail outage - Friday October 16th 
Hello all,
The NPMail system will be down for an upgrade on Friday, October 16th
beginning at 5PM. This outage will last up to an hour.
After the upgrade is done there will be some slight graphical changes
to the default layout of NPMail Webmail. Along with the very slight
graphical changes, some things you may be used to using may be in
slightly different locations. Below is an outline of the major
changes. Please keep this email for reference once you are on the new
system.
- To change your mail filters (including mail forwarding and vacation messages), just click on the Mail Control button at the top. (This replaces the Settings->Mail Control->Rules that you have to do in the current version.)
- The Log Out button is now on the top near the middle (instead of being at the top right).
- To create a folder, use the Management section at the bottom of your folder list on the left. Just type in the name of the folder to create next to the Create button, then press Create. (This was done in the current version by clicking Add New at the top of the folder list.)