LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Firefox security, does it matter? (https://www.linuxquestions.org/questions/linux-security-4/firefox-security-does-it-matter-818783/)

Telengard 07-08-2010 06:14 PM

Firefox security, does it matter?
 
In a recent discussion on another forum it was suggested that Linux users need not worry about security patches for Firefox because they only address Windows vulnerabilities. I took issue with this, but I'm having some difficulty convincing people that issues like remote/arbitrary code execution and privilege escalation can impact Linux users. Am I just wrong?

It was further suggested that for a script to be executable on a Linux system the executable bit must be set. I also took issue with this and even provided a simple example to show otherwise. Again I was harshly rebuffed and it was implied that my example was irrelevant. Am I wrong again?

win32sux 07-08-2010 06:57 PM

Quote:

Originally Posted by Telengard (Post 4027753)
In a recent discussion on another forum it was suggested that Linux users need not worry about security patches for Firefox because they only address Windows vulnerabilities. I took issue with this, but I'm having some difficulty convincing people that issues like remote/arbitrary code execution and privilege escalation can impact Linux users. Am I just wrong?

It was further suggested that for a script to be executable on a Linux system the executable bit must be set. I also took issue with this and even provided a simple example to show otherwise. Again I was harshly rebuffed and it was implied that my example was irrelevant. Am I wrong again?

IIRC this was already discussed a while back in the Mozilla Firefox Vulns thread.

Firefox patches do NOT only address Windows vulnerabilities – that would be insane. Even if one can't grasp this by means of common sense, a quick glance at the Firefox bug tracker should provide sufficient evidence, as last time I checked it actually categorizes bugs (including security vulnerabilities) by affected platform. Some of the vulnerabilities they fix are platform-neutral, some are Windows-specific, some are GNU/Linux-specific, etc. I have a feeling the people at the other forum know this but are just busting your chops. :)


All times are GMT -5. The time now is 08:13 AM.