The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities.
- Firefox 26
- Firefox ESR 24.2
- Thunderbird 24.2
- SeaMonkey 2.23
These vulnerabilities could allow a remote attacker to bypass intended security restrictions, conduct a spoofing attack, execute arbitrary code, or cause a denial-of-service condition.
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. Adobe is aware of reports that an exploit designed to trick a user into opening a Microsoft Word document with malicious Flash (.swf) content exists. These vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system.
Security updates are available for the following versions:
Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
Adobe has released a security update for Adobe Shockwave Player 188.8.131.52 and earlier versions on the Windows and Macintosh operating systems to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code on the affected system.
US-CERT recommends users and administrators review Adobe Security Bulletin APSB13-29 and follow best practice security policies to determine if their organization is affected and the appropriate response.