[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Query about possible bug fix involving security issues for web browsers

On Sun, 2015-03-29 at 14:11 +0800, Bret Busby wrote:
> Hello.
> As the named project leader for the rekonq project, has made it clear
> that rekonq for Debian 6 and Debian 7, is no longer supported, and a
> persistent bug has been shown in the version of rekonq for Debian 6, I
> am wondering whether the LTS project can do something to fix the bug.
> It is an issue of what I believe can reasonably be described as
> malicious software being published on some web sites.
> I believe that the problem has been raised on the Debian User mailing
> list, wherein some web sites include flash stuff, involving swf files,
> which cause some web browsers to crash.

None of our packaged web browsers support SWF directly.  It is
implemented by GNU Shockwave Flash player (browser-plugin-gnash) or
Adobe Flash Player (downloaded by flashplugin-nonfree).  I don't believe
either of those is supported in LTS either.

> I am wondering whether some "mechanism,", or, filter, can be
> implemented,

You can remove the flash plugin, whichever it is.

That won't protect you from sites that exploit bugs in the browser's
image decoders or Javascript libraries.


Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: