Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
my goodness, they release them one right after another, I'm getting sick of recompiling these so often.
Mozilla released Firefox 3.6.10 a little too quick for my liking. I started getting problems so I went back to Firefox 3.6.09.
Problems included not installing some extensions and I suddenly started getting some dhcpcd problems which disappeared after I went back to Firefox 3.6.09.
Critical vulnerability in Firefox 3.5 and Firefox 3.6
Quote:
Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild.
Belmoo is a Windows executable, 48640 bytes long. It is written in C, and is not compressed or encrypted in any way. The executable is apparently created Sun Oct 24 16:26:29 2010.
Installation
Upon execution it will copy itself to the <%WINDOWS%> \temp folder and create registry keys so that it is started from bootup:
* Creates file [WINDIR]\temp\symantec.exe.
* Creates value "Microsoft Windows Update"="[WINDIR]\temp\symantec.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "Microsoft Windows Update"="[WINDIR]\temp\symantec.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
Note that it uses the command line option REG in order to do the registry modification; it does not manipulate registry directly from the program.
That's possible, but we've had similar suspicions here in this thread in the past and they've turned out to be multi-platform vulnerabilities (we shouldn't go solely by the platform which one specific exploit runs on). Given that this is a zero-day vulnerability, it's important for all cautious Firefox users to raise their alertness levels and take any steps deemed necessary until the details get sorted out.
Of course, if anyone has concrete evidence that this is indeed a Windows-only vulnerability, please do share.
Mozilla has been informed about the issuance of several fraudulent SSL certificates for public websites. The certificates have been revoked by their issuer which should protect most users. This is not a Firefox-specific issue. As part of our ongoing commitment to providing a secure Web experience for users, we have updated Firefox 4.0, 3.6, and 3.5 to recognize these certificates and block them automatically.
In hindsight, while it was made in good faith, this was the wrong decision. We should have informed web users more quickly about the threat and the potential mitigations as well as their side-effects.
Compact web page navigation dangers on Chrome and Firefox
Quote:
Google and Mozilla are reported to be working on a compact web page navigation feature for their respective browsers, generating concern from a number of security sources.
I don't see any use for such a feature anyway. Why is it so important nowadays that you have maximum viewing space in your browser ? Or is this what the devs think ? I want a functional browser that I can use quickly and efficiently. I don't care about viewing area. I need quick access to the bookmarks toolbar, address bar, bookmarks etc. But, they seem to make it more bloated and more confusing with every release. What is with them ? Do they listen to the users ?
Mozilla recently had the opportunity to participate in a panel discussion regarding the economics of vulnerabilities and bug bounties at the Hack in the Box conference in Amsterdam. Out of that came some interesting insights about how various markets are monetizing vulnerabilities, and the resulting implications for vendors, users and pretty much everyone else. You can read the full post here.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.