So a security researcher thought… what would happen if I embedded a script inside the element data parameter? So he tried it:
What happened when he sent himself the infected email to his Yahoo! account?
It is recommended that you update your browser to this version to prevent possible exploits. You can do so by clicking the main menu icon (three dashes in the top right) and going to Help / About Google Chrome or by downloading from:
Mozilla, an open-source software community run by the non-profit organization, Mozilla Corporation, and developers of the Firefox web browser, has announced it’s bug tracking software, Bugzilla, was hacked. The organization’s blog post states that the account that was compromised had access to privately-listed bugs representing zero-day security flaws in the browser. However, if you keep your browser up-to-date you are protected. The zero-day flaws that were stolen were all patched as part of version 40.0.3 released August 27, 2015. The post does not state the date that the account was compromised.
This should definitely be a wake-up call for you to keep the software you use up-to-date. Many applications today will automatically update (including the more recent versions of Firefox) but some do not. In addition to keeping you safe from security flaws, the latest versions of programs also deliver features that make using the software more enjoyable and sometimes easier. In the case of web browsers, it also delivers new tools for web developers to use to make better web applications and websites that are more visually appealing and interactive.
More detailed explanation of why you should take the time to ensure the software you use is up-to-date will be in an upcoming post! I will link the post here.
WordPress has released version 4.2.4. This security release fixes 3 cross-site-scripting (XSS) vulnerabilities and a possible SQL injection exploit.
In addition the update also fixes a few general bugs in the software:
A fix for characters not being saved correctly when a non-standard database collation is used
A fix for the core not type-checking directory listings using glob()
A fix for shortcodes not working when they are added at the beginning of an HTML element (e.g.
<[my-shortcode ...] >)
A fix for shortcodes removing line returns inside of CDATA content blocks
WordPress is the open-source blogging and publishing software originally developed by Autoattic who handed off the software and copyrights to the WordPress Foundation, a charitable organization the supports WordPress and related plugins.