Re: attn linux users- Firefox flaw
From: Circuit Breaker (bagboy6437_at_ship.aol.com)
Date: Sat, 24 Sep 2005 00:35:46 -0400
> '.... Security researchers have discovered a new vulnerability with
> Firefox that might allow hackers to seize control of Unix or Linux
> machines running vulnerable versions of the popular alternative browser
> software. The vulnerability can only be exploited on Unix or Linux based
> environments. Firefox users at risk are advised to upgrade to version
> 1.0.7 to guard against attack.....'
> version 1.0.7 (linux) is available for download
If yer gonna quote, do it right. ;-)
Continuing from the above mentioned URL,
"The security bug creates a means for hackers to execute arbitrary shell
commands providing they trick users into following a malicious link in an
external application which uses Firefox as the default browser, such as
the Evolution email client on various versions of Red Hat Linux. The
vulnerability has been confirmed in version 1.0.6 of Firefox on Fedora
Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may
also be affected, security notification firm Secunia warns, however
there's no evidence that the security bug is being actively exploited. The
flaw, such as it is, was unearthed by security researcher Peter Zelezny. ®"
In other words, they have to trick you in order for it to work. In other
words, YOU BASICALLY HAVE TO DECIDE TO BE "HACKED" FOR THIS TO WORK.
Further, it's not being exploited. Yet. Of course, now that it's out
there for all and sundry...
Hey Sybren, I've got a URL for you to click on...
Granted, most people don't think about the links they click much. Hell,
right there, I clicked it. But then again, I trust The Reg not to crack
me. Unless it's the BOFH. Sometimes those just crack me up, but that's
different. I guess I do have an odd sense of humour.
Well, I guess I'm back for a bit. Actually, researching getting wmgmail
installed on Debian. Seems it requires a package that does not exist ;-)
-- THIS POST ORIGINATED FROM USENET, *NOT* ANY WEB-BASED FORUM! IF YOU ARE READING IT FROM A WEB BROWSER SUCH AS INTERNET EXPLORER OR NETSCAPE, THEN YOU ARE NOT READING THE ORIGINAL POST AND YOU SHOULD LEARN ABOUT "USENET" FROM http://www.ibiblio.org/usenet-i/usenet-help.html