Zone Labs Ad-Blocking Instability
FYI
Overview: ZoneAlarm® Security Suite and ZoneAlarm® Pro have been updated to
address a vulnerability in their ad-blocking functions. Specially crafted
JavaScript may cause a user's system to become unstable or lock.
Date Published: November 18, 2004
Date Last Revised: November 18, 2004
Impact: The ad-blocking feature in Zone Labs products is turned off by default.
If this feature has not been enabled, you are not impacted by this
vulnerability.
Specially crafted JavaScript placed on a malicious website may cause the
software to become unstable and/or lock the system.
This issue presents no other risks to the computer user.
Affected Products:
ZoneAlarm Security Suite, ZoneAlarm Pro
Unaffected Products:
No other Zone Labs products are affected by this issue.
Description: ZoneAlarm Security Suite and ZoneAlarm Pro provide features to
block specific types of advertising from websites. However, using specially
crafted JavaScript, a malicious webpage could cause the software or system to
lock. This vulnerability requires two specific prerequisites:
- Ad-blocking must be enabled
- The user must visit a website with malicious JavaScript
This vulnerability has been resolved in version 5.5.062 of affected Zone Labs
products. Version 5.5.062 was released on November 8, 2004.
Users configured to receive automatic product updates will receive this update
automatically. Users configured to receive manual updates should use the Check
For Update option - see the Recommended Actions section below.
Recommended Actions: ZoneAlarm Security Suite and ZoneAlarm Pro users will
receive the update through a product update.
Users with automatic updates:
You receive the update automatically. No further action is required.
Users with manual updates:
To manually update your Zone Labs software:
1. Select Overview | Preferences.
2. In the Check For Update section, click Check For Update.
3. If necessary, follow the instructions to update your software.
ZoneAlarm Security Suite and ZoneAlarm Pro versions 5.5.062 and newer are not
impacted by this issue.
Related Resources:
Zone Labs Security Response Center:
http://www.zonelabs.com/security
Acknowledgments: Zone Labs would like to thank Nicolas Robillard for reporting
this issue.
Contact: Zone Labs customers who are concerned about information contained in
this advisory or have additional technical questions may reach our Technical
Support team at: http://www.zonelabs.com/support/. To report security issues
with Zone Labs products contact security@xxxxxxxxxxxxx
Disclaimer: The information in the advisory is believed to be accurate at the
time of publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition. There are no
warranties with regard to this information. Neither the author nor the
publisher accepts any liability for any direct, indirect, or consequential loss
or damage arising from use of, or reliance on, this information. Zone Labs and
Zone Labs products are registered trademarks of Zone Labs Incorporated and/or
affiliated companies in the United States and other countries. All other
registered and unregistered trademarks represented in this document are the
sole property of their respective companies/owners.
Copyright: ©2004 Zone Labs LLC, A Check Point Company. All rights reserved. Zone
Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered
trademarks of Zone Labs LLC, A Check Point Company. The Zone Labs logo, Check
Point Integrity and IMsecure are trademarks of Zone Labs, Inc. Check Point
Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off.
Cooperative Enforcement is a service mark of Zone Labs LLC, A Check Point
Company. All other trademarks are the property of their respective owners.
Any reproduction of this alert other than as an unmodified copy of this file
requires authorization from Zone Labs. Permission to electronically
redistribute this alert in its unmodified form is granted. All other rights,
including the use of other media, are reserved by Zone Labs LLC, a Check Point
Company.