Sucuri Blog

Website Security News

Joomla 2.5.8 and 3.0.2 Released (Security Updates)

Joomla 2.5.8 and 3.0.2 were just released today fixing a medium severity security bug related to a clickjacking/XSS vulnerability. You can find more details on their release notes:

If you are not familiar with ClickJacking, Wikipedia explains it well:

Clickjacking is a malicious technique of tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function.

And remember, the leading cause for website compromises is outdated software! So as a website owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

Sucuri SiteCheck was also updated to alert users not running version 2.5.8/3.0.2 on their Joomla sites.

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  1. Marvin the Martian

    Logging in as admin, my ‘update’ icon first thinks 1-2sec then shows a tickmark ‘up to date’. Clicking it, it says [copypasta:] “Joomla! Update
    No updates available
    You already have the latest Joomla! version, 2.5.7.”

    So what am I doing wrong?

    • bay area jenn

      hover over components and click on “joomla update” – what happens then?

  3. Many people assume there is nothing to writing a piece of writing, however they’re not professionals.

  4. This article was therefore smart. It undoubtedly shows that you just spent plenty of your time in analysis to provide such a fine article. Thank you.

  5. I’ve browse plenty of on-line articles on this subject of late. Yours is that the only 1 that basically created sense to ME. Thanks a bunch.

  6. I got so involved in your article that i couldn’t even produce myself
    quit reading. thanks for producing such nice quality work.

  8. Right on! And remember, the leading cause for website compromises is outdated software! So as a website owner, you have to do your part to minimize risk and keep your site (and your users) safe.

  9. Right on! And remember, the leading cause for website compromises is outdated software
    Thanks for let me know it. It is very helpful