LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-18-2005, 06:38 PM   #1
t3gah
Member
 
Registered: Dec 2004
Distribution: SuSE, RedHat, ubuntu, Debian
Posts: 734

Rep: Reputation: 30
Exclamation Mozilla flaws could allow attacks, data access into Firefox & Mozilla web browsers!


Quote:
Mozilla flaws could allow attacks, data access!

Date: Monday, 18 April 2005
... could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.

Details of the nine flaws were published on Mozilla's security Web site over the weekend.
Quote link > http://www.linuxsecurity.com/content/view/118903/65/

Any Mozilla.org browser earlier than Mozilla 1.7.7 and Firefox 1.0.3 is vulnerable.

So if you've downloaded that Firefox 1.0.2-3 RPM from http://fedora.redhat.com you may be in for it!

Last edited by t3gah; 04-18-2005 at 06:48 PM.
 
Old 04-18-2005, 09:22 PM   #2
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
1) since it was c-net's article, why not give them the credit, instead of linking through linux security, which just copied the article?

2) this backs the (inacurate) arguement that there is no such thing as a virus in linux, only shoddy permissions. The vulnerability in mozilla/firefox would be far more devistating to a windows user, especially one with admin rights (most any windows user). and far less could be accomplished by gaining regular-user access to a linux machine -- because nobody here runs as root regularly... --this, and the market share of windows means i expect more exploits to be written for a windows platform... giving me even less concern over this issue

in conclusion, go ahead and scream about it in a windows forum, but i don't think we need all the hype in here... maybe i'm a little too low-key, but i don't see this as a major threat. moreover, i get a kick out of how people have come running to me to tell me about security vulnerabilities they've heard exist in firefox (because i like to promote it to people, they like to share their experiences) --because somehow they never hear of problems with security with IE, or windows in general. i laugh at them, and try to polietly explain how vulnerabilities are a fact of life, and always will be.

Last edited by secesh; 04-18-2005 at 09:24 PM.
 
Old 04-19-2005, 12:44 AM   #3
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
A dramatic article from cnet, for flaws that have already been publicly mentioned over the last few weeks.

Last edited by reddazz; 04-19-2005 at 02:22 AM.
 
Old 04-19-2005, 01:02 AM   #4
kencaz
Senior Member
 
Registered: Mar 2005
Location: Las Vegas, NV
Distribution: Mandriva Slackware FreeBSD
Posts: 1,468

Rep: Reputation: 48
Quote:
Originally posted by secesh
1) since it was c-net's article, why not give them the credit, instead of linking through linux security, which just copied the article?

2) this backs the (inacurate) arguement that there is no such thing as a virus in linux, only shoddy permissions. The vulnerability in mozilla/firefox would be far more devistating to a windows user, especially one with admin rights (most any windows user). and far less could be accomplished by gaining regular-user access to a linux machine -- because nobody here runs as root regularly... --this, and the market share of windows means i expect more exploits to be written for a windows platform... giving me even less concern over this issue

in conclusion, go ahead and scream about it in a windows forum, but i don't think we need all the hype in here... maybe i'm a little too low-key, but i don't see this as a major threat. moreover, i get a kick out of how people have come running to me to tell me about security vulnerabilities they've heard exist in firefox (because i like to promote it to people, they like to share their experiences) --because somehow they never hear of problems with security with IE, or windows in general. i laugh at them, and try to polietly explain how vulnerabilities are a fact of life, and always will be.
You said it!!!! and I have also stated in past posts. Viruses can only attack files that are available to the virus. A user downloading a program that contains a virus would still have to be able to write to it, IE permission!!! that is the key to Linux and why Windows until recently suffers. A virus can attatch itself to any .exe, .dll or .sys file in windows with-out any permission or knowledge from the user. That is, why I think, windows has so many wholes. A virus can't infect a system that it cannot write too!!! Windows FINALLY got the massage when they added Admin and user accounts on 2k and XP. sheesh....

Just a thought.

KC
 
Old 04-19-2005, 08:34 AM   #5
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Mozilla really needs to hire the guy that keeps finding these holes. He's been ripping through every release of Firefox for the last 6-8 weeks.
 
Old 04-19-2005, 09:25 AM   #6
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
I don't think its the same guy who found all the vulnerabilities.
 
Old 04-09-2006, 04:00 AM   #7
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519

Rep: Reputation: 63
I just swithched over to linux becuase I loved the open source browser. I could not believe the way new ideas, implementations such as extensions! existed in open-source.

Last edited by Old_Fogie; 06-09-2006 at 04:27 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Document Contains No Data, Firefox and Mozilla knowerrors Linux - Software 16 07-18-2006 05:05 PM
Firefox/Mozilla security flaws and 4.10/5.04 t3gah Ubuntu 2 06-03-2005 01:27 PM
FC3 - font spacing in mozilla browsers (specifically firefox) DrD Fedora 0 12-28-2004 12:50 AM
Mozilla Firefox 0.9.2: Strange fonts when printing web pages gargamel Linux - Software 8 08-03-2004 06:54 PM
mozilla & netscape browsers are not able to display java applets ks_krishna76 Linux - Software 5 03-29-2004 11:28 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration