The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.
The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All of the current month's bugs are here. Use the links on the left to jump back to past months, or use the search form.
Mozilla Firefox may pass off arguments to other applications without properly encoding spaces and double quotes in URIs. Attackers may be able to exploit this to run hostile code. This is fixed in Mozilla 184.108.40.206, and there is also workaround information at http://www.mozilla.org/security/announce/2007/mfsa2007-27.html, Mozilla credits Jesper Johansson, Billy Rios and Nate McFeters with research on this problem, along with Secunia.
The Windows Vista Special Report has been updated with all the BugBlog Vista items from February through July. BugBlog Plus items will be added later.
A problem with the digital signing of some Windows XP drivers may interfere with Apple iTunes for Windows ability to connect with your iPhone or iPod. Instead, you will see this error message:
iTunes might be unable to launch or communicate with iPod or iPhone. For help repairing your operating system, click More Information.
Apple has information on how to create a batch file that will fix this at http://docs.info.apple.com/article.html?artnum=305999.
According to Mozilla, there is a bug in the way that Microsoft Internet Explorer calls registered URL protocols. If you browse a malicious webpage with IE, it could start Mozilla Fifefox and pass the bad data on to the other browser. This may allow an attacker to run hostile code on your computer. The Fifefox 220.127.116.11 update will plug this hole on the Firefox side, but does not fix the original bug in IE. See http://www.mozilla.org/security/announce/2007/mfsa2007-23.html for the details.
There is a bug in Symantec Backup Exec for Windows Servers 10.x and 11 that may allow remote attackers to launch denial of service attacks that turn off the backup service. They may also be able to exploit the bug to run hostile code on the server. Symantec has a hotfix for this at http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11a.html. They credit iDefense with finding this bug. See their explanation at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=553.
A number of bugs in the Microsoft .NET Framework 1.x and 2.0 may allow critical attacks against Windows 2000 and Windows XP computers, with less severe attacks possible against Windows Server 2003 and Windows Vista. Remote attackers may be able to exploit these bugs to run their code on the victim's computers. Microsoft has links to the patches at http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx. Microsoft credits Dinis Cruz of OWASP, Paul Craig of Security Assessment, Jeroen Frijters of Sumatra and Ferruh T. Mavituna of Portcullis Computer Security Ltd. for finding these bugs.
There is a memory leak in the Windows ReadyBoost driver for Windows Vista. ReadyBoost is a way to use flash memory to boost Vista's performance, and according to Microsoft, you may not even know if it is running. In some hardware configurations, it leaks memory which may lead to this error message:
STOP: 0x0000006F (parameter1, parameter2, parameter3, parameter4) SESSION3_INITIALIZATION_FAILED.
Microsoft also said there could be other problems that could generate this error message, other than the memory leak. They do have a hotfix for it. Either wait for the service pack, or see http://support.microsoft.com/kb/939008/ on how to get it earlier.
This Tuesday is Patch Tuesday, and in honor of the occasion Microsoft is giving us six presents. Three of them are Critical level security patches, covering Office, Excel, Windows, and the .NET framework. Two are important, for Office, Publisher, and Windows XP. There's one Moderate security bulletin for Windows Vista. Stay tuned for the details on Tuesday afternoon.
One of the worst things that can happen to your computer is hard drive failure. What can contribute to drive failure? At ZD Net's Storage Bits blog, there is an article called "Disk Drive Life Depends On...Luck", which is either encouraging or discouraging, depending on your point of view. Read it at http://blogs.zdnet.com/storage/?p=156.
If you've updated to Mac OS X 10.4.10 on an Intel-based Mac, you may hear some audio distortion from external speakers. Apple describes it as "popping". They have an Audio Update 2007-001 that is supposed to fix it. Read more about it at http://docs.info.apple.com/article.html?artnum=305840.
Microsoft has a hotfix for Outlook 2007 that fixes a number of Presence bugs. Presence requests from Office applications to presence applications should now work correctly; if a number of presence icons appear, they should no longer flicker; and they should show the correct information. See http://support.microsoft.com/kb/936864/ for information on how to get the fix.
Try to start up Adobe After Effects, Audition, Encore DVD, Photoshop, Premiere Elements, Premiere Pro, or Soundbooth on a Windows XP computer with a Realtek High Definition Audio integrated sound card, and you may get a system crash with this error message:
"Stop: 0X000000C5" or "Stop: 0x0000008E"
To fix this, Adobe says you need an updated driver from Realtek. Get version 1.33 at http://www.realtek.com.tw.
Mozilla will not be updated the Firefox 1.5 browser line in the future. To help users make the jump up to Firefox 18.104.22.168, there is a new migration tool called Major Update for Firefox 1.5 to 2.0. They talked about it in early June at http://developer.mozilla.org/devnews/index.php/2007/06/06/rollout-of-major-update-for-firefox-15-to-20/, and it's been offered since June 28 for people ready to make the jump into the future.
A bug in the WebCore for Apple Mac OS X 10.3.9 and 10.4.9 may allow a website to launch a cross-site scripting attack, tricking you into revealing personal data to the wrong website. Apple has fixed this in the 2007-006 Security Update. Read more about it at http://docs.info.apple.com/article.html?artnum=305759. Apple credits Richard Moore of Westpoint Ltd.for finding this bug.
Copyright 2003-2007 BJK Research LLC