Security Threat Watch Update

Compliments of today's Security Threat Watch newsletter:

There have been a number of interesting vulnerabilities this week.
Microsoft released a patch for a vulnerability in JPEG graphic parsing
in various GDI libraries. Part of the problem with this bug is that
various applications are supposed to ship their own versions of the GDI
libraries, which means you literally have to search your file system for
vulnerable files to update. Then there is the issue of whether the
third-party application will even function correctly with the newer GDI
library.

Multiple vulnerabilities have been found in the Mozilla application
suite (Mozilla, Firefox and Thunderbird). Some of these bugs have been
reported before, but we thought we'd re-report the collected advisory.

Lastly, Corsaire released a large number of advisories relating to the
improper parsing of MIME documents by various products. The exact impact
is product-specific, but improper MIME parsing can be exploited directly
(buffer overflows, etc.) or indirectly (bypassing virus scanning
gateways, creating malicious attachments, etc.). The slew of advisories
are collected in this issue under a single entry with the title
"Multiple vendors: various MIME interpretation problems."

Shameless plug: This is just the introduction to a complete listing of vulnerabilities and patches organized by platform. You can get the whole kit and caboodle by signing up for this free, weekly newsletter, created by a great bunch of security wonks at Neohapsis.