どんなことでも

2/1 には気付いていましたが、source が分からなかったので書かなかった分。
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
http://security.gentoo.org/ より。

Description
===========
PostgreSQL's LOAD extension is vulnerable to a local privilege escalation discovered by John Heasman. A local user can load any shared library, but the initialization function will then be executed with the permissions of the PostgreSQL server.

Workaround
==========
There is no know workaround at this time.

一般ユーザが postgresql に好きなライブラリ(Winでいうdll) を読ませることができ、それにより PostgreSQL の管理者権限が奪う事が可能(OS の postgres ユーザになることができる)ということらしいです。
7.2.7, 7.3.9, 7.4.7, 8.0.1 に Update しましょう。ということで。
PostgreSQL Security Release for versions 8.0, 7.4, 7.3, & 7.2

#33990: setuid perl security issues (guest/guest でログイン)

Date: Mon, 31 Jan 2005 15:55:36 +0000
Who was already planning to start the 5.8.7 release process at the end of February.

とのことですが、「Current Release: 5.8.6」と表示されてますね。

Description: (Description でない部分は略)
In the July 18, 2002 highlights for Perl 5.8.0 there was a 'New IO Implementation' added called PerlIO. The new PerlIO implementation was described as both a portable stdio implementation (at the source code level) and a flexible new framework for richer I/O behaviours.

As an attacker I would definately say that PerlIO has some rich behavior. Two vulnerabilities were located in the PerlIO package that can allow an attacker to take root on a machine that makes use of setuid perl aka sperl. The first vulnerability was outlined in DMA[2005-0131a], details on the second vulnerability will be explained below.

bugtraq MLより

bugzilla.mozilla.org #280056 (まだ、関係者しか見れません)

__Summary

The javascript security manager usually prevents that a javascript: URL from one host is opened in a window displaying content from another host. But when the link is dropped to a tab, the security manager does not kick in.

This can lead to several security problems scaling from stealing session cookies to the ability to run arbitrary code on the client system (depending on the displayed site or security setttings).

Tabbed browsing is a great feature to organize mutliple website, but after a while also tabs become too much. Now you have two options: Close tabs and open new ones (CTRL+W to close a tab, followed by a CTRL+click on a link to open a new one), or just recycle already open tabs by dragging links to them - the solution i prefer.

いまいち(いま千ぐらい?)分かりませんが、最近よく見かける タブブラウザ & JavaScript のコンボのようですね。

CAN-2005-0231 になる予定だそうです。(まだ出来てません)
修正版の予定は
＊ nightry では fix 済み。
＊ firefox 1.0.1 をリリース予定。
＊ Mozilla 1.7.5にも影響ありとのこと。こちらも、そのうち Bugfix 版が出るでしょう。

あとは、

The links are directed at "http://www.pаypal.com/", which the
browsers punycode handlers render as www.xn--pypal-4ve.com.

ってな問題もあるそうで。でもこれは、ドメイン名の国際化にあるわけで...この問題に引っかかることが確認されているブラウザは、
＊ Most mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc)
＊ Safari 1.2.5
＊ Opera 7.54
＊ Omniweb 5
とのこと。思いっきりフィッシングに引っかかりますよと。かなり古い話らしいのですが。(実例/詳細)

2002 - Original paper published on homograph attacks
2002-2005 - Verisign pushes IDN, and browsers start adding support for it
Jan 19, 2005 - Vendors notified of vulnerability
Feb 6, 2005 - Public disclosure @shmoocon 2005

Mozilla 曰く、回避方法はこの国際化ドメイン名(IDN)の機能を切ってくださいとのこと(^^; 駄目じゃん > Mozilla

Vendor Responses

Verisign: No response yet.
Apple: No response yet.
Opera: They believe they have correctly implemented IDN, and will not be making any changes.
Mozilla: Working on finding a good long-term solution; provided clear workaround for disabling IDN.

Opera は「IDN の実装の問題として修正されることを信じてる」って事ですか？まぁ、回答がないよりは良いですね。
以上、今日届いた fulldisclosure, BugTrack のMLより。