New Security Bulletin Addresses CFMX Privilege Escalation Vulnerability

Usually I wouldn't post just because Macromedia released a new security bulletin, but since I mentioned The CFMX Privilege Escalation Vulnerability last Thursday, I think it's worth posting that Macromedia has just posted Security Bulletin MPSB04-10 which specifically addresses this issue.


CFMX Privilege Escalation Vulnerability

According to Security Focus:
Reportedly Macromedia ColdFusion MX is affected by a privilege escalation vulnerability when handling templates. This issue is due to an access validation error that allows a user to perform actions with administrator privileges. An attacker may exploit this issue to gain administrative privileges on a computer running the vulnerable application.
There is even some exploit code available... This exploit is primarily a concern to sites on shared CFMX servers. I wonder though, if this exploit will work under all configurations. It seems to me that multi-instance configurations could/should be immune. If anyone has more info on this, please feel free to share in the comments. Hat tip to Bump for sending me the link to this.


Mozilla's Rise In Market Share Reveals Poor Code

As Mozilla continues to rise in popularity and gain market share, some websites are being revealed as poorly coded or not up to date. Even well established and respected companies are missing the point. Take the San Diego Business Journal as a prime example. It works in IE, and even seems to be updated daily. In Mozilla however, the homepage will not even load. Does this represent new opportunities for web developers to go "fix up" these naively IE-only websites? Yup. Is there a good chance that the same decision makers will choose another web development firm which lacks the ability and/or foresight to build a cross-platform website? Yup. Note: All of my emails to the newspaper about this problem have gone into a black hole. I have to assume they know about this problem and either don't understand it or don't care about it.
