LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-17-2010, 10:22 AM   #226
harryhaller
Member
 
Registered: Sep 2004
Distribution: Slackware-14.2
Posts: 468

Rep: Reputation: Disabled

Quote:
Originally Posted by H_TeXMeX_H View Post
my goodness, they release them one right after another, I'm getting sick of recompiling these so often.
Mozilla released Firefox 3.6.10 a little too quick for my liking. I started getting problems so I went back to Firefox 3.6.09.

Problems included not installing some extensions and I suddenly started getting some dhcpcd problems which disappeared after I went back to Firefox 3.6.09.
 
Old 10-19-2010, 06:30 PM   #227
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Firefox 3.6.11 and 3.5.14 have been released.

They address a fair number of security issues, many of which are rated as Critical.
 
1 members found this post helpful.
Old 10-26-2010, 04:55 PM   #228
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Exclamation Critical vulnerability in Firefox 3.5 and Firefox 3.6

Quote:
Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild.
Complete Post
 
Old 10-27-2010, 02:35 AM   #229
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301
Quote:
Originally Posted by win32sux View Post
I think it is only relevant for Window$:
http://www.norman.com/about_norman/p...0/129223/en-us
http://www.norman.com/security_cente...rchive/129146/

Quote:
Belmoo is a Windows executable, 48640 bytes long. It is written in C, and is not compressed or encrypted in any way. The executable is apparently created Sun Oct 24 16:26:29 2010.
Installation

Upon execution it will copy itself to the <%WINDOWS%> \temp folder and create registry keys so that it is started from bootup:

* Creates file [WINDIR]\temp\symantec.exe.

* Creates value "Microsoft Windows Update"="[WINDIR]\temp\symantec.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "Microsoft Windows Update"="[WINDIR]\temp\symantec.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

Note that it uses the command line option REG in order to do the registry modification; it does not manipulate registry directly from the program.
 
Old 10-27-2010, 03:19 PM   #230
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by H_TeXMeX_H View Post
That's possible, but we've had similar suspicions here in this thread in the past and they've turned out to be multi-platform vulnerabilities (we shouldn't go solely by the platform which one specific exploit runs on). Given that this is a zero-day vulnerability, it's important for all cautious Firefox users to raise their alertness levels and take any steps deemed necessary until the details get sorted out.

Of course, if anyone has concrete evidence that this is indeed a Windows-only vulnerability, please do share.
 
Old 10-27-2010, 06:49 PM   #231
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Firefox 3.6.12 and 3.5.15 have been released.

FWIW, the relevant advisory and the bug report confirm this vulnerability did in fact affect the GNU/Linux version.

Last edited by win32sux; 10-27-2010 at 06:52 PM.
 
Old 12-09-2010, 05:18 PM   #232
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Firefox 3.6.13 and 3.5.16 have been released.

They address many vulnerabilities rated as Critical. FWIW, the related Secunia advisory is here.

Last edited by win32sux; 12-10-2010 at 01:55 PM. Reason: Added link to Secunia advisory.
 
Old 03-01-2011, 08:21 PM   #233
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Firefox 3.6.14 and 3.5.17 have been released.

They address many vulnerabilities rated as Critical. FWIW, the related Secunia advisory is here.

Last edited by win32sux; 03-02-2011 at 07:50 AM. Reason: Added link to Secunia advisory.
 
Old 03-22-2011, 11:27 PM   #234
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Firefox Blocking Fraudulent Certificates

Quote:
Mozilla has been informed about the issuance of several fraudulent SSL certificates for public websites. The certificates have been revoked by their issuer which should protect most users. This is not a Firefox-specific issue. As part of our ongoing commitment to providing a secure Web experience for users, we have updated Firefox 4.0, 3.6, and 3.5 to recognize these certificates and block them automatically.
Complete Post

Release Notes: 3.6.16 | 3.5.18 | 4.0
 
Old 03-26-2011, 12:39 AM   #235
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Comodo Certificate Issue – Follow Up

Quote:
This is a follow-up to the previous Mozilla report about the fraudulent certificates issued by Comodo last week.
Interesting tidbit that was even the focus of Slashdot coverage:
Quote:
In hindsight, while it was made in good faith, this was the wrong decision. We should have informed web users more quickly about the threat and the potential mitigations as well as their side-effects.
Complete Post
 
Old 04-29-2011, 10:47 AM   #236
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Firefox 4.0.1, 3.6.17, and 3.5.19 have been released. They address several vulnerabilities rated as Critical.

Secunia Advisory for Firefox 3.5.x and 3.6.x: http://secunia.com/advisories/44357/

Secunia Advisory for Firefox 4.0.x: http://secunia.com/advisories/44406/

Last edited by win32sux; 05-01-2011 at 04:11 PM. Reason: Added links to relevant Secunia Advisories.
 
Old 05-25-2011, 10:18 AM   #237
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Compact web page navigation dangers on Chrome and Firefox

Quote:
Google and Mozilla are reported to be working on a compact web page navigation feature for their respective browsers, generating concern from a number of security sources.
Complete Article
 
Old 05-25-2011, 10:46 AM   #238
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301
I don't see any use for such a feature anyway. Why is it so important nowadays that you have maximum viewing space in your browser ? Or is this what the devs think ? I want a functional browser that I can use quickly and efficiently. I don't care about viewing area. I need quick access to the bookmarks toolbar, address bar, bookmarks etc. But, they seem to make it more bloated and more confusing with every release. What is with them ? Do they listen to the users ?
 
Old 06-13-2011, 03:01 PM   #239
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Economics of vulnerabilites roundtable

Quote:
Mozilla recently had the opportunity to participate in a panel discussion regarding the economics of vulnerabilities and bug bounties at the Hack in the Box conference in Amsterdam. Out of that came some interesting insights about how various markets are monetizing vulnerabilities, and the resulting implications for vendors, users and pretty much everyone else. You can read the full post here.
Complete Post
 
Old 06-17-2011, 09:42 AM   #240
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Mozilla Firefox WebGL Graphics Memory Information Disclosure Weakness

Quote:
Context has reported a weakness in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information.

An unspecified error in the WebGL implementation can be exploited to disclose certain information e.g. screenshots of a victim's desktop.

The weakness is reported in version 4.0.1. Other versions may also be affected.
Secunia Advisory
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Mozilla Thunderbird to Find New Home as Mozilla Foundation Focuses on Mozilla Firefox LXer Syndicated Linux News 0 07-27-2007 09:16 AM
LXer: Mozilla Firefox 1.5.0.8 and Mozilla Thunderbird 1.5.0.8 Released LXer Syndicated Linux News 0 11-09-2006 05:21 PM
LXer: Mozilla Corporation Signs Mozilla Firefox Distribution Deal with RealNetworks LXer Syndicated Linux News 0 08-03-2006 03:21 PM
LXer: Mozilla Firefox and Mozilla Thunderbird 1.5.0.5 Community Test Day LXer Syndicated Linux News 0 07-14-2006 08:54 AM
Mozilla flaws could allow attacks, data access into Firefox & Mozilla web browsers! t3gah Linux - Security 6 04-09-2006 04:00 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration