US-CERT is aware of public reports of a new cross-browser exploit technique called "Clickjacking." According to one of the reports, Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a web page, they may actually be clicking on content from another page. A separate report indicates that this flaw affects most web browsers and that no fix is available, but that disabling browser scripting and plug-ins may help mitigate some of the risks.
An additional report suggests that Firefox users consider using the NoScript plug-in as an added preventative measure. Disabling IFRAMEs by default, as outlined in the Securing Your Web Browser document, is reported to protect against the vulnerability.
US-CERT encourages users to review the report and follow the security recommendations as described in the Securing Your Web Browser document to help mitigate some of the risks.
US-CERT will provide additional information as it becomes available.
Mozilla Firefox "keypress" User Interface Event Dispatching Weakness
Haven't been able to confirm whether the GNU/Linux version is affected, but here it is:
Quote:
Description:
Aditya K Sood has discovered a weakness in Mozilla Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service).
The weakness is caused due to an error when dispatching "keypress" user interface events with e.g. the HTML root element as target. This may potentially result in use of invalid memory or memory corruption via a specially crafted web page.
Successful exploitation crashes the browser. However, even though code execution has not been proven, it can't be completely ruled out.
The weakness is confirmed in version 3.0.3 for Windows. Version 2.x is not affected.
NOTE: Secunia normally does not classify a browser crash as a vulnerability nor issue an advisory about it. However, the potential impact of this issue may be more severe than currently believed.
Solution:
The weakness is fixed in the pre-release nightly builds of 3.1 and will be fixed in the upcoming version 3.0.4.
Description:
A vulnerability has been reported in Firefox, which can be exploited by malicious people to disclose sensitive information.
The vulnerability is caused due to an error when processing .url shortcuts in HTML elements. This can be exploited to disclose potentially sensitive information from the cache.
Successful exploitation requires that a user is e.g. tricked into opening an HTML page from a local directory or a RAR archive containing .url files.
The vulnerability is reported in version 3.0.3. Other versions may also be affected.
Solution:
Do not open HTML files from untrusted sources.
SYMPTOMS:
Presence of the:
“%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll”
“%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js”
files in the Mozilla Firefox’s plugins and chrome folders.
TECHNICAL DESCRIPTION:
It drops an executable file (which is a Firefox 3 plugin) and a JavaScript file (detected by Bitdefender as: Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders respectively.
Checks may be needed to see if a similar version of the code can run in Linux ...
Will the following files run in Linux?
(using Wine? will a .dll run in Linux!!!)
Can the virus work without the .dll running?
Is there another version that works within Linux?
Does anybody know if it has been checked out yet?
Will the following files run in Linux? (..) Can the virus work without the .dll running? (..) Is there another version that works within Linux? (..) Does anybody know if it has been checked out yet?
0) it needs an incendiary (piggyback on something else or active install by the user), 1) the malware currently queries the registry for the Mozilla install path, 2) it's not an executable or a plugin but an add-on showing the name "npbasic" in the add-ons screen, 3) the files it drops or changes are chrome\chrome\content\browser.js, chrome\chrome\content\browser.xul, plugins\npbasic.dll, plugins\npbasic.dll1 and chrome\browser.manifest, 4) DLLs are not equal to .so's and 5) the "add-on" will be activated when the browser is restarted. So my short answer would be "no", and not right now and that I know of.
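A check built from the file paths named in this thread, as an added example that is not part of any post or of the Bitdefender description. The function names and the `known_good_manifest_sha256` parameter are assumptions of this example; matching is case-insensitive so it can also be pointed at a Windows volume mounted on Linux, and `browser.manifest` is reported separately because the thread lists it as "dropped or changed".

```python
import hashlib
from pathlib import Path, PureWindowsPath

# Paths named in this thread, relative to the Firefox install directory.
DROPPED = [
    r"plugins\npbasic.dll",
    r"plugins\npbasic.dll1",
    r"chrome\chrome\content\browser.js",
    r"chrome\chrome\content\browser.xul",
]
# Listed as "dropped or changed", so its presence alone is inconclusive.
CHANGED = r"chrome\browser.manifest"


def resolve_nocase(root, win_rel):
    """Find win_rel under root ignoring case (Windows semantics on any host)."""
    current = Path(root)
    for part in PureWindowsPath(win_rel).parts:
        if not current.is_dir():
            return None
        matches = [c for c in current.iterdir() if c.name.lower() == part.lower()]
        if not matches:
            return None
        current = matches[0]
    return current


def scan_firefox_dir(firefox_dir, known_good_manifest_sha256=None):
    """Return the dropped files found and the state of browser.manifest:
    'absent', 'unverified' (no reference hash given), 'match' or 'modified'."""
    found = [rel for rel in DROPPED
             if (p := resolve_nocase(firefox_dir, rel)) and p.is_file()]
    manifest = resolve_nocase(firefox_dir, CHANGED)
    if manifest is None or not manifest.is_file():
        state = "absent"
    elif known_good_manifest_sha256 is None:
        state = "unverified"
    else:
        digest = hashlib.sha256(manifest.read_bytes()).hexdigest()
        state = "match" if digest == known_good_manifest_sha256.lower() else "modified"
    return {"dropped": found, "manifest": state}


if __name__ == "__main__":
    import sys
    for directory in sys.argv[1:]:  # e.g. the Firefox install directory
        print(directory, scan_firefox_dir(directory))
```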
Cheers ... I was just worried that there might be a similar one ... on Linux.
The other reason I wrote this was just to make sure as many people were aware of it as possible ... that way a solution, if needed, could be found quickly.
I was just worried that there might be a similar one ... on Linux.
No, all I said was that I am not aware of there being one right now. I explicitly did not say that Firefox add-ons, plugins and whatnot or their delivery methods are without problems.
Quote:
Originally Posted by keithinfrance
The other reason I wrote this was just to make sure as many people were aware of it as possible ... that way a solution, if needed, could be found quickly.
If you want a solution you should use the developers' bug tracker first, IMHO.
Mozilla Firefox International Domain Name Subdomain URI Spoofing Vulnerability
Quote:
Mozilla Firefox is affected by a URI-spoofing vulnerability because it fails to adequately handle specific characters in international domain name (IDN) subdomains.
An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.
Firefox 3.0.6 is vulnerable; other versions may also be affected.