Update 20150807 UTC
--mancha |
I've just built and upgraded to 38.1.1esr. Be aware that there are changes in how this firefox handles profiles. I highly recommend backing up the .mozilla folder before starting the newly installed firefox. I've already needed the backup for restoring some of my preferences.
|
Update
Regarding the Firefox flaw (CVE-2015-4495) I report above, Mozilla published a blog entry that briefly describes one exploit found in the wild that uses this vulnerability to steal files from Windows and Linux systems and upload them to what appears to be a machine in Ukraine. They recommend changing passwords/keys in certain files targeted by that particular exploit. I would err on the side of caution and expand the recommendation to include all passwords/keys accessible by the Firefox process. --mancha |
Thanks for the heads-up, mancha: one more reason to keep using the adblock and noscript extensions.
|
It's weird, that CVE number comes up as reserved at http://cve.mitre.org/cgi-bin/cvename...=CVE-2015-4495.
But a search for the exploit here https://web.nvd.nist.gov/view/vuln/s...execution=e2s1 brings up https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-2743. Is this perhaps the syntax change that mitre.org is describing? |
CVE-2015-4495 is very impressive :-(. Does it mean that Firefox users must update all certificates, ssh, gpg keys etc.?
|
Quote:
Where does that leave users of SeaMonkey, which hasn't been updated since March? Thanks. |
Uh ... just disable the builtin pdf viewer in firefox?!?!?!?!
Set "pdfjs.disabled" to true in "about:config". mupdf and evince do not have javascript builtin. From the mupdf slackbuild: Code:
MUJS="${MUJS:-no}" |
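Added example, not part of any post in this thread: a shell check that reports, for each profile under ~/.mozilla/firefox, whether the "pdfjs.disabled" setting suggested above is actually in effect. The function names and the --audit switch are made up for this example; it assumes the usual prefs.js and user.js files, with user.js taking precedence because Firefox applies it at every start.

```shell
#!/bin/sh
# Added example (not from the thread): audit Firefox profiles for the
# pdfjs.disabled mitigation. Function names are hypothetical.

# Print the last value assigned to pdfjs.disabled in one prefs file, if any.
pref_value() {
    [ -f "$1" ] || return 0
    sed -nE 's/^[[:space:]]*user_pref\("pdfjs\.disabled",[[:space:]]*(true|false)[[:space:]]*\);.*$/\1/p' "$1" | tail -n 1
}

# Effective state for one profile directory. user.js overrides prefs.js;
# if neither sets the pref, the built-in viewer is enabled (the default).
pdfjs_state() {
    v=$(pref_value "$1/user.js")
    [ -n "$v" ] || v=$(pref_value "$1/prefs.js")
    [ "$v" = "true" ] && echo disabled || echo enabled
}

# Walk every profile below a base directory, print "state<TAB>profile",
# and return non-zero if any profile still has the viewer enabled.
audit_profiles() {
    base=${1:-$HOME/.mozilla/firefox}
    rc=0
    for p in "$base"/*/; do
        [ -d "$p" ] || continue
        # Skip directories that are not profiles (no prefs files at all).
        [ -f "${p}prefs.js" ] || [ -f "${p}user.js" ] || continue
        state=$(pdfjs_state "${p%/}")
        printf '%s\t%s\n' "$state" "${p%/}"
        [ "$state" = disabled ] || rc=1
    done
    return $rc
}

# Run as: sh audit-pdfjs.sh --audit [profiles-dir]
if [ "${1:-}" = "--audit" ]; then audit_profiles "${2:-}"; fi
```

A profile reported as "enabled" either never had the preference set or has a user.js that turns the viewer back on at the next start.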
Quote:
Code:
firejail --profile=/etc/firejail/firefox.profile --caps firefox |
Just as a heads up, firejail is available at SBo http://slackbuilds.org/repository/14.1/system/firejail/
I'm going to try it after I post this. EDIT: the version in the SlackBuild is a bit old, but substituting the newer version (0.9.28) in the script, it builds without errors. POST EDIT: running a simple instance of Code:
firejail firefox
LAST EDIT: I noticed that if you try to start firefox jailed by firejail and you already have an instance of firefox running unjailed, firejail will close and the new firefox is attaching (this is a guess) to the existing firefox process. If you ensure that the first firefox is firejail'd, then it seems that new firefox windows get immediately jailed (another guess, will try to debug to be sure). The dev for firejail seems to be very active and very responsive, so I am encouraged about this. |
Updates for ca-certificates, mozilla-nss, mozilla-firefox have been released for both 14.1 and current.
|
What is the better approach, firejail or running firefox under a different user like "Skype with a grain of salt"?
|
Quote:
Code:
blacklist ${HOME}/documents |