Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-18-2005, 07:38 PM
|
#1
|
Member
Registered: Dec 2004
Distribution: SuSE, RedHat, ubuntu, Debian
Posts: 734
Rep:
|
Mozilla flaws could allow attacks, data access into Firefox & Mozilla web browsers!
Quote:
Mozilla flaws could allow attacks, data access!
Date: Monday, 18 April 2005
... could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.
Details of the nine flaws were published on Mozilla's security Web site over the weekend.
|
Quote link > http://www.linuxsecurity.com/content/view/118903/65/
Any Mozilla.org browser earlier than Mozilla 1.7.7 and Firefox 1.0.3 is vulnerable.
So if you've downloaded that Firefox 1.0.2-3 RPM from http://fedora.redhat.com you may be in for it!
Last edited by t3gah; 04-18-2005 at 07:48 PM.
|
|
|
04-18-2005, 10:22 PM
|
#2
|
Senior Member
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154
Rep:
|
1) since it was c-net's article, why not give them the credit, instead of linking through linux security, which just copied the article?
2) this backs the (inacurate) arguement that there is no such thing as a virus in linux, only shoddy permissions. The vulnerability in mozilla/firefox would be far more devistating to a windows user, especially one with admin rights (most any windows user). and far less could be accomplished by gaining regular-user access to a linux machine -- because nobody here runs as root regularly... --this, and the market share of windows means i expect more exploits to be written for a windows platform... giving me even less concern over this issue
in conclusion, go ahead and scream about it in a windows forum, but i don't think we need all the hype in here... maybe i'm a little too low-key, but i don't see this as a major threat. moreover, i get a kick out of how people have come running to me to tell me about security vulnerabilities they've heard exist in firefox (because i like to promote it to people, they like to share their experiences) --because somehow they never hear of problems with security with IE, or windows in general. i laugh at them, and try to polietly explain how vulnerabilities are a fact of life, and always will be.
Last edited by secesh; 04-18-2005 at 10:24 PM.
|
|
|
04-19-2005, 01:44 AM
|
#3
|
LQ Guru
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298
Rep:
|
A dramatic article from cnet, for flaws that have already been publicly mentioned over the last few weeks.
Last edited by reddazz; 04-19-2005 at 03:22 AM.
|
|
|
04-19-2005, 02:02 AM
|
#4
|
Senior Member
Registered: Mar 2005
Location: Las Vegas, NV
Distribution: Mandriva Slackware FreeBSD
Posts: 1,468
Rep:
|
Quote:
Originally posted by secesh
1) since it was c-net's article, why not give them the credit, instead of linking through linux security, which just copied the article?
2) this backs the (inacurate) arguement that there is no such thing as a virus in linux, only shoddy permissions. The vulnerability in mozilla/firefox would be far more devistating to a windows user, especially one with admin rights (most any windows user). and far less could be accomplished by gaining regular-user access to a linux machine -- because nobody here runs as root regularly... --this, and the market share of windows means i expect more exploits to be written for a windows platform... giving me even less concern over this issue
in conclusion, go ahead and scream about it in a windows forum, but i don't think we need all the hype in here... maybe i'm a little too low-key, but i don't see this as a major threat. moreover, i get a kick out of how people have come running to me to tell me about security vulnerabilities they've heard exist in firefox (because i like to promote it to people, they like to share their experiences) --because somehow they never hear of problems with security with IE, or windows in general. i laugh at them, and try to polietly explain how vulnerabilities are a fact of life, and always will be.
|
You said it!!!! and I have also stated in past posts. Viruses can only attack files that are available to the virus. A user downloading a program that contains a virus would still have to be able to write to it, IE permission!!! that is the key to Linux and why Windows until recently suffers. A virus can attatch itself to any .exe, .dll or .sys file in windows with-out any permission or knowledge from the user. That is, why I think, windows has so many wholes. A virus can't infect a system that it cannot write too!!! Windows FINALLY got the massage when they added Admin and user accounts on 2k and XP. sheesh....
Just a thought.
KC
|
|
|
04-19-2005, 09:34 AM
|
#5
|
Member
Registered: Apr 2002
Posts: 498
Rep:
|
Mozilla really needs to hire the guy that keeps finding these holes. He's been ripping through every release of Firefox for the last 6-8 weeks.
|
|
|
04-19-2005, 10:25 AM
|
#6
|
LQ Guru
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298
Rep:
|
I don't think its the same guy who found all the vulnerabilities.
|
|
|
04-09-2006, 05:00 AM
|
#7
|
Senior Member
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519
Rep:
|
I just swithched over to linux becuase I loved the open source browser. I could not believe the way new ideas, implementations such as extensions! existed in open-source.
Last edited by Old_Fogie; 06-09-2006 at 05:27 PM.
|
|
|
All times are GMT -5. The time now is 02:30 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|