LinuxQuestions.org
Old 04-09-2010, 05:26 PM   #196
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594


Actually that stuff is quite interesting, and something that hadn't occurred to me before reading the article and some related articles. Thanks for posting about it.
 
Old 04-22-2010, 07:35 PM   #197
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Mozilla Firefox 3.6.4 release on May 4, second test version on April 27

Quote:
Mozilla has just put online a first beta of Firefox 3.6.4. which includes a mechanism for isolation plugins. The Mozilla browser strengthens its stability.

Firefox 3.6.4 provides an insulation function of grafts. In the event of a crash of a plug-in, web browser will continue to operate. Functionality already found in third-party products, such as Internet Explorer and Chrome. Caution, however, because only Flash, QuickTime and Silverlight will benefit from this technology. The other grafts continue to function as usual.

Developers have the opportunity to correct also almost 170 bugs, which will improve the stability of the browser and address various security issues.
Complete Post

The page for Mozilla Firefox beta releases is here.

Last edited by win32sux; 04-22-2010 at 07:36 PM.
 
Old 05-06-2010, 01:20 AM   #198
catilley1092
Member
 
Registered: Aug 2009
Location: East Coast, USA
Distribution: Linux Mint "Mate" x64 (primary OS), Win 7/8 x64, XP Home/Pro x32.
Posts: 61

Well, IE is targeted by this same problem now (remote code execution). Many are adopting Firefox (3.6.3) over it. I, preferring beta products (someone has to try them out & use them), have 3.6.4. This issue appears as though it will never stop, so everyone, stay on your toes. FF with NoScript, along with safe computing practices, will help to minimize any damage that these people who are responsible for this are trying to do. People are nuts these days; a couple of days ago, someone joined our forum and posted a command to "increase speed & performance". Turns out that one of the moderators caught on quickly; entering this command & pressing "enter" would destroy the entire Windows files & subfolders. It is sickening to think that someone would post this command on an open forum that's here to help others. I'm staying as alert as possible on this issue that the OP brought up, and making efforts to educate others, too. Best wishes to all!

Last edited by catilley1092; 05-10-2010 at 09:49 AM. Reason: added information
 
Old 06-04-2010, 02:18 AM   #199
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Mozilla Firefox Error Handling Information Disclosure Vulnerability

Quote:
Soroush Dalili has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to the "window.onerror" handler being allowed to read the destination URL of a redirection. This can be exploited to e.g. disclose session-specific query parameters contained in a target URL by referencing a redirecting site via an HTML "<script>" tag.

The vulnerability is confirmed in version 3.6.3 and 3.5.9. Other versions may also be affected.
Secunia Advisory
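
The advisory quoted above concerns session-specific query parameters carried in a redirect's target URL. A site-side check for that exposure is to find redirects that put such parameters in the URL at all. This is an added example, not part of the original post or the advisory; the parameter-name list and the sample responses are constructed assumptions.

```javascript
// Added example: audit redirect responses for session-specific query
// parameters in the Location header. The name list is an assumption;
// extend it with the parameter names your application actually uses.
const SENSITIVE_PARAM = /^(sid|session(id)?|token|auth|key|phpsessid|jsessionid)$/i;

// Returns the names of sensitive-looking query parameters in a redirect target.
function sensitiveParams(location, base) {
  let url;
  try {
    url = new URL(location, base); // Location may be relative to the request URL
  } catch (e) {
    return []; // unparsable target: nothing to report
  }
  const hits = [];
  for (const name of url.searchParams.keys()) {
    if (SENSITIVE_PARAM.test(name) && !hits.includes(name)) hits.push(name);
  }
  return hits;
}

// Flags 3xx responses whose Location carries session-specific parameters.
function auditRedirects(responses) {
  const findings = [];
  for (const r of responses) {
    if (r.status < 300 || r.status > 399 || !r.location) continue;
    const params = sensitiveParams(r.location, r.requestUrl);
    if (params.length > 0) {
      findings.push({ requestUrl: r.requestUrl, params });
    }
  }
  return findings;
}

// Constructed sample responses (hypothetical hosts, not from any real site).
const SAMPLE = [
  { requestUrl: 'https://app.example/home', status: 302,
    location: '/inbox?sid=3f9c2a&view=all' },
  { requestUrl: 'https://app.example/login', status: 302,
    location: 'https://app.example/dashboard' },
  { requestUrl: 'https://app.example/api', status: 200, location: null },
  { requestUrl: 'https://app.example/sso', status: 303,
    location: 'https://idp.example/cb?Token=abc&lang=en' },
];

console.log(auditRedirects(SAMPLE));
```

Redirects it flags are candidates for moving the session state out of the URL, for example into a cookie, so that the redirect target carries nothing session-specific.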
 
Old 06-22-2010, 06:41 PM   #200
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Firefox 3.6.4 has been released.

It includes many security fixes, several of which are rated as critical.

It also brings with it a new crash-protection feature.

FWIW, Firefox 3.5.10 has also been released.

Last edited by win32sux; 06-22-2010 at 06:44 PM.
 
Old 06-23-2010, 04:53 AM   #201
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

thanks for the update
 
Old 06-23-2010, 01:16 PM   #202
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Quote:
Originally Posted by H_TeXMeX_H
thanks for the update
No problem. BTW, Secunia released their relevant advisory today.

Last edited by win32sux; 06-23-2010 at 01:17 PM.
 
Old 06-24-2010, 03:00 PM   #203
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Mozilla Firefox Address Bar Spoofing Vulnerability

Quote:
Michal Zalewski has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to the address bar of a newly opened window displaying the URL of the requested location before the page is loaded. This can be exploited to display arbitrary content in the blank document while showing the URL of a trusted web site in the address bar, e.g. by calling "window.stop()" to abort loading the new page.

The vulnerability is confirmed in version 3.6.4. Other versions may also be affected.
Secunia Advisory

Last edited by win32sux; 06-24-2010 at 04:29 PM. Reason: Added bold font.
 
Old 06-26-2010, 10:50 PM   #204
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Firefox 3.6.6 has been released.

It doesn't seem like it addresses the vulnerability mentioned in my previous post, though.
 
Old 06-27-2010, 04:24 AM   #205
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

well at least they fixed it quick, now I have to compile it again
 
Old 07-17-2010, 05:38 AM   #206
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Refresh of the Mozilla Security Bug Bounty Program

Quote:
Mozilla launched its security bounty program in 2004 and while the original mission of protecting users by supporting security research has not changed, the security environment has changed tremendously. In recognition of these changes we are updating our security bounty program to better support constructive security research.

For new bugs reported starting July 1st, 2010 UTC we are changing the bounty payment to $3,000 US per eligible security bug.
Complete Post
 
Old 07-20-2010, 05:29 PM   #207
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Firefox 3.6.7 and 3.5.11 have been released.

Both include many security fixes rated critical by Mozilla.

The release notes for 3.6.7 are here.

The release notes for 3.5.11 are here.
 
Old 07-20-2010, 08:46 PM   #208
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Quote:
The Internet Explorer, Firefox, Chrome, and Safari browsers are susceptible to attacks that allow webmasters to glean highly sensitive information about the people visiting their sites, including their full names, email addresses, location, and even stored passwords, a security researcher says.

In a talk scheduled for next week's Black Hat security conference in Las Vegas, Jeremiah Grossman, CTO of White Hat Security, plans to detail critical weaknesses that are enabled by default in the browsers, which are the four biggest by market share. The vulnerabilities have yet to be purged by the respective browser makers despite months, and in some cases, years of notice.
Complete Article

Thanks to Threatpost for covering this.
 
Old 07-21-2010, 04:25 AM   #209
GazL
Senior Member
 
Registered: May 2008
Posts: 3,392

Triggering the input from JavaScript as described in the above article is interesting and something I hadn't considered, but even without the JavaScript angle, those features screamed "BAD IDEA" at me so loudly from the very first that it even penetrated my tin-foil hat. Turning off form input auto-complete, and password saving features is one of the first things I do after installing a browser.


The remote code execution issues in Firefox are much more worrying though. If they can find this many to fix in a single patch, it makes me wonder just how many others are lurking in there.
 
Old 07-23-2010, 11:37 PM   #210
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,733
Blog Entries: 12

Firefox 3.6.8 released
 
All times are GMT -5.