Re: attn linux users- Firefox flaw

From: Circuit Breaker (bagboy6437_at_ship.aol.com)
Date: 09/24/05


Date: Sat, 24 Sep 2005 00:35:46 -0400

ac wrote:

> '.... Security researchers have discovered a new vulnerability with
> Firefox that might allow hackers to seize control of Unix or Linux
> machines running vulnerable versions of the popular alternative browser
> software. The vulnerability can only be exploited on Unix or Linux based
> environments. Firefox users at risk are advised to upgrade to version
> 1.0.7 to guard against attack.....'
>
> http://www.theregister.co.uk/2005/09/21/linux_firefox_security_bug/
>
> version 1.0.7 (linux) is available for download

If yer gonna quote, do it right. ;-)

Continuing from the above mentioned URL,

"The security bug creates a means for hackers to execute arbitrary shell
commands providing they trick users into following a malicious link in an
external application which uses Firefox as the default browser, such as
the Evolution email client on various versions of Red Hat Linux. The
vulnerability has been confirmed in version 1.0.6 of Firefox on Fedora
Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may
also be affected, security notification firm Secunia warns, however
there's no evidence that the security bug is being actively exploited. The
flaw, such as it is, was unearthed by security researcher Peter Zelezny."

In other words, they have to trick you in order for it to work. In other
words, YOU BASICALLY HAVE TO DECIDE TO BE "HACKED" FOR THIS TO WORK.
Further, it's not being exploited. Yet. Of course, now that it's out
there for all and sundry...

Hey Sybren, I've got a URL for you to click on...

Granted, most people don't think about the links they click much. Hell,
right there, I clicked it. But then again, I trust The Reg not to crack
me. Unless it's the BOFH. Sometimes those just crack me up, but that's
different. I guess I do have an odd sense of humour.

Well, I guess I'm back for a bit. Actually, researching getting wmgmail
installed on Debian. Seems it requires a package that does not exist ;-)

Later...

CJ

-- 
THIS POST ORIGINATED FROM USENET, *NOT* ANY WEB-BASED FORUM!  IF YOU ARE READING
IT FROM A WEB BROWSER SUCH AS INTERNET EXPLORER OR NETSCAPE, THEN YOU ARE NOT
READING THE ORIGINAL POST AND YOU SHOULD LEARN ABOUT "USENET" FROM 
http://www.ibiblio.org/usenet-i/usenet-help.html