Risk
2/17/2012
05:15 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google's Privacy Invasion: It's Your Fault

If we really wanted privacy, we would turn off JavaScript, block ads, and browse in privacy mode through an anonymous proxy. But we would rather have free services.

Google stepped in it, again. The company was caught bypassing the privacy settings of those using Apple's Safari Web browser, which unlike other major browsers blocks third-party cookies by default. Google, like just about every other online company, relies on cookie files to improve ad relevancy, to identify users, and to deliver online services.

The Wall Street Journal, which Friday broke the story as part of its ongoing investigation into online privacy, reports that Google, along with at least three other advertising companies--Vibrant Media, WPP PLC's Media Innovation Group, and Gannett's PointRoll--"exploited a loophole in the browser's privacy settings" to place a cookie file on OS X and iOS devices such as iPhones using Safari.

The incident has prompted Consumer Watchdog, a consumer advocacy group critical of Google's privacy practices, to call for intervention from the Federal Trade Commission. Another consumer advocacy group, the American Consumer Institute, said, "Google’s willful disregard for the privacy choices of consumers and the privacy policies of Apple is a new low even for Google."

Google insists the Wall Street Journal report "mischaracterizes what happened and why." The company says it "used known Safari functionality to provide features that signed-in Google users had enabled" and that it did not collect personal information.

[ Google has been under fire for its planned privacy policy change. Read Google Rejects EU Request On Privacy Policy Consolidation. ]

Google hasn't helped its case by ceasing to use the HTML code that overrode Safari's default behavior. That looks like an admission of guilt. But let's step back for a moment and examine the situation.

The American Consumer Institute's contention Google willfully disregarded "the privacy choices of consumers and the privacy policies of Apple" isn't accurate.

Google disregarded the privacy choices of Apple, which chooses to block third-party cookies by default in its browser. And Google has nothing to do with Apple's privacy policies, which describe how Apple handles customer data.

Google argues that it manipulated Safari to resolve contradictory browser settings. Safari blocks third-party cookies by default. At the same time, Apple has implemented exceptions to Safari's third-party cookie blocking to allow social features like the +1 button to function.

Rachel Whetstone, SVP of communications and public policy, said in a statement that Google deployed its workaround code "to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to '+1' things that interest them."

The fact that other Google cookies got set, Google insists, was accidental. "The Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser," Whetstone explained. "We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information."

Were it not for the fact that Google's advertising cookie opt-out help page stated explicitly that Safari's default setting was the functional equivalent of opting out, Google's explanation might suffice.

But rewind now to the July 2011 release of OS X Lion. With Lion came Safari 5.1, which included for the first time third-party cookie blocking by default.

Could Apple's decision to block third-party cookies by default have been influenced by its competition with Google, a company that depends on advertising and cookies?

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Skitch
50%
50%
Skitch,
User Rank: Apprentice
2/18/2012 | 3:13:54 PM
re: Google's Privacy Invasion: It's Your Fault
Well said. The only thing I disagree with is the suggestion that Google would consider the Software as a Service approach. Fundamentally, capitalism would not permit it as people would just find a new search engine.

PMEIBOSCH000
50%
50%
PMEIBOSCH000,
User Rank: Apprentice
2/18/2012 | 3:15:06 PM
re: Google's Privacy Invasion: It's Your Fault
IF YOU THINK PAYING FOR A SERVER OR ANYTHING ELSE GIVES YOU PRIVACY
ON THE INERTNET:YOU ARE A FOOL ...
Stingray1964
50%
50%
Stingray1964,
User Rank: Apprentice
2/18/2012 | 3:21:37 PM
re: Google's Privacy Invasion: It's Your Fault
You are so correct !
We are the blame but people never see it that way.
But you know know what with all the faults of any of these Search engines , I do like Google the most , Chrome works fine me , I love my Google Phone and my gmail as well , Had Yahoo and Hotmail and few others , So i get an ad banner but not as much junk mail . Just maybe if people learned how to use their settings. then things would work better for them .
But as far Apple goes , I rather have the faults of a windows base computer then an apple. I like the change things and move around and not have to buy a whole computer cause Apple made on little change or Have to spend 700 for a cellphone cause I thought 8gigs was fine but now I have to buy a whole new phone cause I need more memory .
gorkable
50%
50%
gorkable,
User Rank: Apprentice
2/18/2012 | 3:48:07 PM
re: Google's Privacy Invasion: It's Your Fault
Yes, actually a fairly balanced article. Oh, you mean Apple has privacy/security "holes" too, surprise surprise...but Apple somehow will not get much negative press for not catching this- It does sound like Google did respond to the users request to keep them signed in, the question is simply if the extra cookies were accidental.
Nickolas
50%
50%
Nickolas,
User Rank: Apprentice
2/18/2012 | 4:00:00 PM
re: Google's Privacy Invasion: It's Your Fault
Great job on the well thought out article that actually decided to give both sides of the story. I've been following this story since yesterday and until now I couldn't find an article that told the whole story. The tech sphere is in a really sad state these days. Playing on privacy fears is one of the few tools they have left, though ironic since their own websites have intrusive ads that install tracking cookies on consumer's computers.
Geo Love
50%
50%
Geo Love,
User Rank: Apprentice
2/18/2012 | 4:31:27 PM
re: Google's Privacy Invasion: It's Your Fault
Nice Thomas. A lesson to learn from... for Google and for us. Having been a huge supporter of Google from the start I'm saddened to see such blatant behavior as we have been subject to. But let's be real. Should I be/am I surprised? (Politely) NO!

Being THE premier, major search engine and data collector AND free service provider, AND, AND, AND... that pervades every aspect of our lives today' it is pretty amazing that Google has been able to go this far without hitting the speed bumps any harder than it has or has been caught doing.

That said. I'd love to see Google's unofficial "Don't be evil" motto http://en.wikipedia.org/wiki/D... upgraded to "official" and reestablished as it's core value to it's end users. But "money is the root of all evil" and ultimately ends up trumping any well intentioned money making enterprise that may wish to aspire to such great, lofty ideals.

Can it ever be achieved? Truthfully, probably not. The balancing act of pleasing both sides of the equation is just not a realistic business objective.

Stockholders' bank accounts simply don't accept it as a form of currency; an immense pressure that can't be overridden. "Business is business" and "the bottom line" focus is what they expect and demand. That's Corporate Reality.

So... it IS up to US to protect ourselves by CLOSELY, ACTIVELY, RESPONSIBLY monitoring every move AND LEARNING/UTILIZING those available and free 3rd party tools/addons as part of our everyday personal security and privacy interactions while webbing.

My end user friends... Be Aware. Be Very Aware. Foremost and Always!

And Google... We do still love you, but YES, we are watching you.
Steven Noyes
50%
50%
Steven Noyes,
User Rank: Apprentice
2/19/2012 | 7:00:55 PM
re: Google's Privacy Invasion: It's Your Fault
Sadly, Google's "Do no evil" went out of the door with their Google Books project. From that point on, it has been a steady down hill slide for them where the only thing they see in getting more and more information tied into their advertising networks regardless of who actually owns that information/data/IP.

So don't ever anticipate the "Don't be evil" to every be made "official". It was lost long ago:-(
Emeritus
50%
50%
Emeritus,
User Rank: Apprentice
2/18/2012 | 5:08:43 PM
re: Google's Privacy Invasion: It's Your Fault
What screaming nonsense. I've taught technological regulation for 35 years. The whole point of regulation is to allow workers or consumers to have the benefits of technology without being "raped" by those with power. And many concepts, like privacy or safety or patentable innovation cannot be defined in isolation. They are implemented on a case by case basis.
nomanzone
50%
50%
nomanzone,
User Rank: Apprentice
2/18/2012 | 5:25:28 PM
re: Google's Privacy Invasion: It's Your Fault
As long as the information that Google collects is non-personal, non-persistent, and only used for real time advertisements (such as the ads you see along side your gmail), Google is not only harmless, it is invaluable for the modern society. But it is in a position that it could do a lot more. The question is do you trust Google? Under the current management, I'd say yes. But it is always possible that someone like Rupert Murdoch may become the CEO of Google. When that happens, he does not need to hack into your phone or email any more. Everything is laid in the open for him.
DAGOSTA000
50%
50%
DAGOSTA000,
User Rank: Apprentice
2/18/2012 | 5:33:32 PM
re: Google's Privacy Invasion: It's Your Fault
I agree with 'what screaming nonsense.'

Put the blame on users of the internet? Of course. Every internet user knows what RFC and P3P mean in their daily lives.

You reference an article: "This is what the EFF recommends." In the footnotes of that article is this: "As this blog goes to press, we are unsure whether ad blockers for Safari can prevent the browser from sending requests, which is essential for this kind of privacy protection to be effective."

Is that the fault of "internet users?"
BCOOK6432
50%
50%
BCOOK6432,
User Rank: Apprentice
2/18/2012 | 5:57:47 PM
re: Google's Privacy Invasion: It's Your Fault
it's kind of funny how hypocritical this article is since the only way to comment on it is if I register with the website and there are currently 20 scripts running, or trying to run, in the background of the page keeping an eye on everyone who looks at it, 2 of which are Google related. I personally use NoScript to block about half of them.
Michael_
50%
50%
Michael_,
User Rank: Apprentice
2/18/2012 | 6:48:29 PM
re: Google's Privacy Invasion: It's Your Fault
People are too lazy or stupid that they have tools like NoScript and Adblock yet they don't use them. It's easier for them to point to the fingers at somebody else. There are plenty of tools out there to keep information private, but people choose to not use them. Is it Google's fault that people are too lazy to actually learn the tools they use on a regular basis? It's the same with people who complain how their computer doesn't work right and it gives them "so much trouble", when there is nothing wrong with the computer, they are just too lazy to actually spend the time to learn the highly complicated machine they rely on day to day.
Mooboch
50%
50%
Mooboch,
User Rank: Apprentice
2/18/2012 | 6:04:55 PM
re: Google's Privacy Invasion: It's Your Fault
Listen up all you righteous privacy loving Americans: this is absolutely NOTHING compared to the invasion of your privacy by the American government! Privacy, among many of your other rights, protected by the constitution, have been violated by our very own president and other elected officials, and nobody seems to give a rat's rectum about it. To cry over Google using a built in feature of a web browser with unintended consequences is kind of idiotic. If you really care so much about your privacy then fight the fights worth fighting. WAKE UP AMERICANS!!!!!! Take your privacy, and FREEDOM back!
Emeritus
50%
50%
Emeritus,
User Rank: Apprentice
2/18/2012 | 6:52:55 PM
re: Google's Privacy Invasion: It's Your Fault
Actually privacy is not a term which appears in the Constitution, and is largely a 20th century invention. (a good one to be sure, but a recent concept). Privacy against government Action and privacy in the private sector have fundamentally different origins. Roe v Wade was the culmination of an evolution in the concept of behavioral privacy. Informational privacy in the private sector has been largely statutory.
DAGOSTA000
50%
50%
DAGOSTA000,
User Rank: Apprentice
2/19/2012 | 12:10:48 PM
re: Google's Privacy Invasion: It's Your Fault
Dear Emeritus,

We're sorry that we didn't know that digital information would be invented when we said "secure in their possessions" or we'd have been specific.

Yours Truly,

Old wig-wearing white guys
ageofknowledge
50%
50%
ageofknowledge,
User Rank: Apprentice
2/18/2012 | 6:39:10 PM
re: Google's Privacy Invasion: It's Your Fault
The way China is going, they might end up with your personal information if you're not careful.

http://www.businessweek.com/ne...

http://www.independent.co.uk/n...

http://abcnews.go.com/Internat...
Michael_
50%
50%
Michael_,
User Rank: Apprentice
2/18/2012 | 6:41:33 PM
re: Google's Privacy Invasion: It's Your Fault
People need to stop complaining and take off their aluminum foil hats thinking that Google is out to get them. Am I the only one that's getting sick and tired of people whining like babies about privacy policies from companies like Google and Facebook? Whatever happened to "if you don't like it's policies, don't use it!"?

I use ad blockers, I clear out my cookies all the time, I clear my cache regularly, I don't use services that I don't like. My only complaints? The people who are constantly making a mountain out of a mole hill. I don't put personal information on the internet that I don't want people to have. Pretty damn simple if you ask me.

What I find even funnier, is that the people I see in my personal life that complain about these privacy policies are people who have NO clue what they are talking about, they just complain about them because they hear brief snippets about "privacy concerns" and they just jump on the bandwagon. They don't even know what cookies are, let alone JavaScript. Yet... they keep on using Facebook like it's their job. So let me get this straight, you do not like this web page, yet you use it constantly, as well as use it to complain about the FREE service that you are using religiously?
boohoosoo
50%
50%
boohoosoo,
User Rank: Apprentice
2/18/2012 | 7:41:51 PM
re: Google's Privacy Invasion: It's Your Fault
Call me an aluminum foil hat person, but I have been feeling queasy about Google power-playing for a very long time, and I am not a bandwagon person.

However I liked this article for the wonderful fact that it pointed out exactly what the definitive problem is. We have been baited with free service, and Google has provided a wonderful product. I have really come to rely on Google for just about everything...AND THEREIN LIES THE PROBLEM. Have any of you tried to un-encumber yourself of Google's influence? It's pretty near futile. Even the alternative search engines rely on Google for info. Alternate emails are good. Trying to get your old emails back that are archived on Google not so easy.

Many people have not thought through about the fragility of our cyber-dependent status. And this article points it out in brilliant relief! If we want to disengage from Google, it will cost us plenty, whether it's setting up our paid private privileged network, or whether it's giving up our unwittingly posted family photos, letters, and archived business records.

Linux is looking good. At least I would know their limits, and I have now learned not to tip my hand. There are zealous people who know not what kind of can of worms they are dealing with here. Big brother/business/government is infiltrating the whole system, and I am extremely uneasy about it. Get out the washboard and the buggy.
Michael_
50%
50%
Michael_,
User Rank: Apprentice
2/20/2012 | 10:10:34 PM
re: Google's Privacy Invasion: It's Your Fault
Who's fault is it that you have come to rely on Google for just about everything? It's your own fault. "Google baited with a free service". You mean "I took advantage of a free service and now I'm complaining they want to run it the way they want to run it". It's called advertising and it's been around for quite a while now.

How many wealthy senior citizens do you think depend on Google's free services? Go tell them they can't um-encumber themselves from Google's influence. Get ready to be laughed at and called a fool.

"Trying to get your old emails back that are archived on Google not so easy." Really? How about taking two seconds to actually figure it out. http://lmgtfy.com/?q=download+... Since you are too lazy to search on your own, I will help you out even more, click on the very first link.

Again, who's fault is it that you are ignorant or too lazy to figure out how to do something or use the tools that you use? It took me all of less than a minute to find out how to do what you consider "not so easy". Is it Google's fault or the fault of anybody else that you are ignorant or lazy? (I could have used any search engine to figure this out btw). You just prove my point even more. People are either too lazy or ignorant to figure out how to use the tools they use. It's not judgemental like DAGOSTA000 states, it's pointing out the facts, big difference.

Would you give your 16 old kid a new 100k Harley Davidson Motorcycle and tell him to go use it when they don't know anything about driving a motorcycle? With your logic, the kid should already know how to use/drive a motorcycle from the start, and if he doesn't it's Harley Davidson's fault if anything bad happens huh?

"There's a sucker born every minute". Which category do you fit in? Don't answer that, I think we all know.
DAGOSTA000
50%
50%
DAGOSTA000,
User Rank: Apprentice
2/19/2012 | 12:11:40 PM
re: Google's Privacy Invasion: It's Your Fault
Yup, I guess it is National Judgmental Ass Day!
mrtt
50%
50%
mrtt,
User Rank: Apprentice
2/18/2012 | 10:11:12 PM
re: Google's Privacy Invasion: It's Your Fault
A few years ago I had an idea for a website that would let users exchange messages and files by posting them (similar to what they do on MySpace or Facebook) but with the confidence that everything they uploaded or posted was encrypted while in-transit and at-rest. In addition, I wanted the user to have the option to control the passkeys used in the encryption process to insure that their encrypted data could not be compromised by anyone, not even the database owner. It started simple and ended up with a rich set of the latest and greatest privacy options like two-factor authentication, auto logoff, email and SMS notifications. I though I was on to something, especially with all the uproar around Facebook's privacy practices. I made it simple to use, ad free and cost free. I did it because I needed a challenge. What I learned was that people like to complain about Privacy, but don't want to do anything about it if it means learning something new or straying from what is considered mainstream. Have you heard much about Diaspora lately?

In case you are still reading and are wondering what happened to the website, it's still out there. A few new users sign up every week. I won't post the name here, but if you Google "private secure encrypted", it is the first non-ad search result.
DSMITH7949
50%
50%
DSMITH7949,
User Rank: Apprentice
2/19/2012 | 1:43:59 PM
re: Google's Privacy Invasion: It's Your Fault
Privacy is more than collecting names. If I decide to drive somewhere today, it's not your business where I go; in fact, if you follow me, you are stalking me which is a crime.
Tom Mariner
50%
50%
Tom Mariner,
User Rank: Apprentice
2/19/2012 | 9:09:39 PM
re: Google's Privacy Invasion: It's Your Fault
More than my fault -- I encourage it! I like it when I browse for something and everything else I do for a while gives me suggestions on alternate products or where I can get it for less! Yeah, I know , heresy in a world of ultraprivacy. Wait, it gets worse -- in an age where a hospital can get fined $50,000 per name for even the hint of a leak, I would rather have a health professional find out everything that has happened to me so they can help me get better faster. There, I've said it!

If I get these benefits and the icing on the cake is that it lets me get all this great stuff on the Internet for free, get to the bad part. Granted, I am way beyond the age of posting revealing pictures or text of stupid acts on a social site, but am worried that our young are going to find themselves denied something later because of youthful indiscretion.

And here's a really bad part -- we elect our public officials based not on how good they would be at the job, but on who has done less stuff we can find out about. I'm not real happy about he "National Enquirer" method of getting a President -- or Town Supervisor, but Americans seem adverse to actually investigating, so maybe the Internet watching those folks is not good for all of us.
Howt
50%
50%
Howt,
User Rank: Apprentice
2/19/2012 | 10:39:32 PM
re: Google's Privacy Invasion: It's Your Fault
By my own choice, I have chosen to exchange personal data for Google services. That is, when they are dealing off the top of the deck. In this instance, their errant actions were purposeful and hopefully will be found to be criminal.

More concerning is that Google is taking the sole hit. Why no mention of the other three advertising entities? Often, that which goes unspoken tells most.

For example, WPP is a holding company which owns many of the world's largest advertising firms. Is InformationWeek holding them to account? Does InformationWeek receive advertising revenue from WPP or its subsidiaries? Both advertising and journalism need to adhere to ethical practices.

There's a lot of shame to go around here and InformationWeek itself remains in question.
Johnnythegeek
50%
50%
Johnnythegeek,
User Rank: Apprentice
2/20/2012 | 4:11:14 AM
re: Google's Privacy Invasion: It's Your Fault
Their are ways to access the web more privately. But most user I am sure do not take advantage of it. We choose to demand free sites and in the end the devil is marketing tracking cookies. Their are some sites I prefer have less ads such as Hotmail. I hate those right side bar ads. So now I pay a little every year to make them go away. Their are some free ways such as AdBlock and they work well. But for me the most annoying was pop ups and almost any browser blocks those if you want. Otherwise I really do not care so much about ads. Their are ads everywhere in life. So why should we think the internet would be any different?
Eschewing Obfuscation
50%
50%
Eschewing Obfuscation,
User Rank: Apprentice
2/20/2012 | 4:30:47 AM
re: Google's Privacy Invasion: It's Your Fault
How about rather than hoping for Google to offer a paid membership option we hope for transparent disclosure and honesty? Privacy hawks aside, Google's shareholders have a right to accurate information regarding Google's solicitation, use of, and strategies for gaining personal information. You can go back and forth about Safari settings and Google opt-outs all day, but that's disingenuous. Yes, every aspect of 'free' web services hinges on user data. But when a publicly traded company purports to be above all of that and subscribe to the idea of 'don't be evil'', any failure to live up to that standard is an ethical failure to live up to stockholder expectations.

In terms of whether or not people care about privacy, and where blame rightfully belongs, the issue breaks in much the same way. If Google didn't make such a large issue of their trustworthiness and adherence to privacy standards, then yes, average internet users would be to blame for sacrificing their own privacy. BUT Google advertises itself as being above such shenanigans. This is not a 'blame the dumb users, they don't know what they're doing' issue. This is a clear issue of bait and switch. Google draws in users with promises of ethical behavior, responsible usage of data, and respecting privacy. If it is not prepared to live up to those promises, regardless of why, it should not make them; When it fails to live up to its own promises, its users should rightfully throw a fit and demand change.

Don't blame users for expecting companies to act as advertised. Blame companies for making false promises.
TuleeGirl
50%
50%
TuleeGirl,
User Rank: Apprentice
2/20/2012 | 5:42:07 AM
re: Google's Privacy Invasion: It's Your Fault
I hate being tracked by Google with their "above the rest" attitude. I thought they were 'special' when it came to using users personal information. In the end it's every man for him self. Which translates to every search engine will track you and keep cookies stored on your computer so they can market products that you seem to be interested in. Which is fine because I regularly delete them. I delete all the L.S.O.'s as well. I think those are worse. If not for some research I wouldn't even know about the L.S.O's. I've disabled my updates with Adobe so I won't have to worry about some new technology development that I'll have to keep up with in order to maintain my privacy. And I thought the Patriot Act was bad!
jdoncaster570
50%
50%
jdoncaster570,
User Rank: Apprentice
2/21/2012 | 5:39:18 PM
re: Google's Privacy Invasion: It's Your Fault
Funny.. I have Do not track Plus on my browser and this information Week page shows 20 tracking devices (cookies) .. the highest I have seen on any one page... glass houses and all...
duke
50%
50%
duke,
User Rank: Apprentice
7/12/2012 | 12:21:39 PM
re: Google's Privacy Invasion: It's Your Fault
Thomas Claburn is a douchebag. His "blame the victim" mentality is appalling and insulting. Giving away something for free does not allow ANYBODY, let alone a juggernaut like Google to invade OUR privacy. He also blames the victim for accepting TOS contracts (fine print), which are usually written in gobbledygook or in a way that most laymen would not understand. Using Tom Claburn's logic, that would actually be the consumers' fault for being retarded (basically what Claburn thinks of everybody) and not the company's fault for invading your privacy. To give an example of what Claburn is trying to say, if you were to use the telephone and it happened to be tapped, it would be YOUR fault for using it and not the telephone companies/government's fault. He also mentions in the article that there is not a clear consensus on what the definition of privacy is. How convenient! If the word privacy doesn't even mean anything, then how can you invade it? Funny, after a quick scan of the dictionary, privacy is defined as such: "being free from being observed". Now, that seems like a definition that we all can accept "to our collective satisfaction". Again and not surprisingly, Claburn uses an illogical argument to justify an invasion of privacy. Last, but not least, Claburn implies that Google's privacy invasion is necessary for the consumer to keep getting free Google. Sorry, but privacy does not cost money - it is a fundamental human right (unless you are a tyrant). Claburn uses the black and white argument that it's either no privacy and free Google, or privacy and no free Google. If that were true, it doesn't change the fact that Google is invading YOUR privacy to make a quick buck (and who knows what else they're up to) when they could still make billions of dollars doing things that don't require invading the consumers' privacy. Good to know that Claburn puts corporation above consumer.
Tom LaSusa
50%
50%
Tom LaSusa,
User Rank: Apprentice
7/12/2012 | 3:32:39 PM
re: Google's Privacy Invasion: It's Your Fault
Folks,

A friendly reminder that you are encouraged to be as vocal and opinionated as you want to be, so long as you do so in a respectful manner. Insulting/derogatory/offensive language will not be tolerated. Usage of such dialogue can result in your comment being edited or removed -- and potentially having your profile blocked.

Thanks
Tom LaSusa
Community Manager
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Listen Now Botnet Takedowns: Who's Winning, Who's Losing
Sara Peters hosts a conversation on Botnets and those who fight them.