Mozilla Firefox 1.5.0.4 has been released. It addresses several security issues.
|
yes, yes, we know it well :)
|
Firefox File Upload Form Keystroke Event Cancel Vulnerability (Not Critical)
Quote:
FYI: This bug seems to affect Mozilla, Seamonkey, and Netscape as well. |
Hello,
Firefox needn't be compiled, so it really does not replace the binary '/usr/bin/firefox'. When you untar the archive, it just gets unpacked and a new directory called 'firefox' is created with the contents. You can call the new firefox binary by issuing the complete path, i.e. firefox/firefox&, staying where the package is unpacked.
The plugins and extensions reside in the '.mozilla/plugins/' directory in your home folder. The bookmarks are written in the file 'bookmarks.html' in the directory '.mozilla/firefox/PROFILE', where PROFILE is your profile name.
Also, if you need the command 'firefox' to call the new firefox binary, just create a soft link to the new location for '/usr/bin/firefox', i.e.:
ln -s /home/username/firefox/firefox /usr/bin/firefox
Thanks. |
Mozilla Firefox and Mozilla Thunderbird 1.5.0.5 Community Test Day
From mozillaZine:
Quote:
|
Firefox 1.5.0.5 has been released.
|
Mozilla Firefox Memory Corruption Weakness (Not Critical)
Quote:
Not sure if this affects the GNU/Linux version of Firefox. Can anyone confirm? |
Mozilla Firefox Multiple Vulnerabilities (HIGHLY CRITICAL)
Quote:
|
It seems that the popular browsers like IE and Firefox are attacked, but mostly IE. So I guess I should use an obscure browser like lynx or something when I want to visit a dangerous looking site (not that I visit any sites that I don't trust...) since I don't think anyone would waste time writing a virus for a text-based browser lol.
|
Hackers claim zero-day flaw in Firefox
Quote:
|
It says that all OS users are affected (Windows, Mac OSX, Linux) but I don't see how it could get me if I am running Suse Linux as non-root. But I guess it would try to get my e-mail address. That's just more annoying than it is malicious.
|
The open-source Firefox Web browser is critically flawed in the way it handles JavaScript
No kidding. Anyone who has ever disabled Java and JavaScript in FF knows you can *still* encounter the "Do you want to stop this script?" message that only pops up when a JavaScript has run for too long (dom.max_script_run_time, IIRC), which means even if it says "off" it apparently *still* parses JavaScript.
"But I guess it would try to get my e-mail address."
I read three counts of being able to "execute arbitrary code" which, even if you couldn't exploit that in any practical way, each would be far more interesting than harvesting mere email addresses. |
For unSpawn (and anyone else reading)
I ran across that "zero day" article too (http://news.zdnet.com/2100-1009_22-6121608.html). I have two (2) questions. The 1st question is easy:
1) What does "zero day" mean?
The 2nd question requires a bit of background. Assume I am running FF and some malicious script wants to get in, and assume it does get in. Let's pretend that the command it runs is something to wipe my files, like: "rm -fr ~/*"
Now, assume I have two (2) Linux user accounts (neither is root). They both share the same "home" partition but, of course, each account has its own home directory. Also, User account #1 has more read and write privileges than User account #2. For example, User account #1 can read and write everything in both User account home directories. User account #2, however, can only read and write to its own home directory, though it can read the mp3 files I have in the User account #1 directory.
My 2nd question:
2) If I am running Firefox via User account #2 and this malicious script jumps on board, will it fark up the directories in both user accounts, or only User account #2? What about my mp3 files?
Thanks! |
Quote:
Quote:
but once an attacker has the ability to execute code as the non-root user running firefox, he has the possibility of hitting you with a local privilege escalation exploit (if you have such a vulnerability on your system) - and of course once he gets to be root, then system access is virtually unlimited for him - unless you have set up some sort of additional armour like SELinux or something like that... |
Quote:
How can you prevent a "local privilege escalation exploit?" Is there certain software you dl or do you need to play around with your OS settings? What about requiring "root" to install something? I was under the impression that in Linux you do not normally run as root, so if something tried to install, some pop-up window would say "you need root access to proceed"... or something like that. Since I am obviously not running as root, how could it install something? Or is it more complicated than the "do not run as root" argument? Thanks. |