
Query about possible bug fix involving security issues for web browsers



Hello.

As the named project leader for the rekonq project has made it clear
that rekonq for Debian 6 and Debian 7 is no longer supported, and a
persistent bug has been shown in the version of rekonq for Debian 6, I
am wondering whether the LTS project can do something to fix the bug.

It is an issue of what I believe can reasonably be described as
malicious software being published on some web sites.

I believe that the problem has been raised on the Debian User mailing
list, wherein some web sites include flash stuff, involving swf files,
which cause some web browsers to crash.

I am wondering whether some "mechanism", or filter, can be
implemented, for web browsers such as the now unsupported rekonq, to
either ignore (so as to stop code from downloading, that invokes)
flash stuff, including swf files, or, to stop access to web sites or
web pages that include such code, so that the web browser parses web
pages before they are downloaded and opened, and, if code is not shown
as not including flash stuff, the user is warned before the web page
is opened, with a dialogue box, such as

"The web page you are attempting to access, could crash your web
browser, or do worse things to your system, due to the presence of
flash stuff. Are you sure that you want to continue with attempting to
access the web page? <Yes> <No>"

I believe that one such web page with such malicious code that causes
crashes, is at
http://www.truevaluesolar.com.au/carbontrack/

I think that the thread on the Debian User mailing list, also includes
reference to the web site of the System Setup utility company (for
deciding boot order, and whether to use UEFI or BIOS), in the thread
referring to problems with booting between UEFI and Legacy installed
operating systems on the same computer.

I note that CERT advisories referring to flash stuff, as a security
risk, are commonplace, and so, I believe that this issue involves a
security issue, with the risk being able to be reduced by
implementation of preparsing of web pages to prevent access to flash
stuff, where a user prefers to avoid the risk of web browser crashing,
and inherent security threats, from flash stuff.

Thank you in anticipation.


-- 
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................
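
The pre-parsing check requested in the message above, sketched as an added example (it is not part of the original message and is not rekonq code): a static scan of fetched HTML for markup that would load Flash, whose result a browser could use to decide whether to show the warning dialogue. The function names and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

FLASH_MIME = "application/x-shockwave-flash"
FLASH_CLSID = "clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"  # Flash ActiveX control


def _is_swf(url):
    """True if the URL path ends in .swf, ignoring query string and case."""
    return bool(url) and urlparse(url.strip()).path.lower().endswith(".swf")


class FlashDetector(HTMLParser):
    """Collects (tag, reason) pairs for markup that would load Flash content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased; valueless attributes are None.
        a = {k: (v or "") for k, v in attrs}
        if tag in ("object", "embed"):
            if a.get("type", "").strip().lower() == FLASH_MIME:
                self.findings.append((tag, "type=" + FLASH_MIME))
            elif a.get("classid", "").strip().lower() == FLASH_CLSID:
                self.findings.append((tag, "Flash classid"))
            elif _is_swf(a.get("data")) or _is_swf(a.get("src")):
                self.findings.append((tag, "swf URL"))
        elif tag == "param" and a.get("name", "").lower() == "movie":
            if _is_swf(a.get("value")):
                self.findings.append((tag, "movie param"))


def check_page(html):
    """Return Flash findings; an empty list means no static Flash markup."""
    detector = FlashDetector()
    detector.feed(html)
    detector.close()
    return detector.findings


def should_warn(html):
    """Decision hook for the warning dialogue (hypothetical integration point)."""
    return bool(check_page(html))
```

A static scan like this only sees Flash referenced directly in the markup; pages that insert the plugin element from a script after loading would pass it, so blocking the plugin at load time remains the stronger control.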

