Our security note this afternoon involves: Adobe Shockwave Player 12.0.6.147 and earlier versions, Adobe Flash Player, Firefox 26, Firefox ESR 24.2, Thunderbird 24.2 ad SeaMonkey 2.23.

Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code on the affected system.

Connectikpeople recommends users and administrators review Adobe Security Bulletin APSB13-29 and follow best practice security policies to determine if

their organization is affected and the appropriate response.

Regarding Adobe Flash Player to address multiple vulnerabilities, Adobe is aware of reports that an exploit designed to trick a user into opening a Microsoft Word document with malicious Flash (.swf) content exists. These vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system.

Security updates are available for the following versions:

• Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.327 and earlier versions for Linux
• Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh
• Adobe AIR 3.9.0.1210 and earlier versions for Android
• Adobe AIR 3.9.0.1210 SDK and earlier versions
• Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions

Connectikpeople encourages users and administrators to review Adobe Security Bulletin APSB13-28 and follow best practice security policies to determine if their organization is affected and the appropriate response.

Finally the Mozilla Foundation has released updates for the following products to address multiple vulnerabilities.

• Firefox 26
• Firefox ESR 24.2
• Thunderbird 24.2
• SeaMonkey 2.23

These vulnerabilities could allow a remote attacker to bypass intended security restrictions, conduct a spoofing attack, execute arbitrary code, or cause a denial-of-service condition.
Connectikpeople encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 26, Firefox ESR 24.2, Thunderbird 24.2, and SeaMonkey 2.23 and apply any necessary updates to help mitigate the risk.