Re: [SECURITY] [DSA 3211-1] iceweasel security update
- To: debian-security@lists.debian.org, jmm@debian.org, carnil@debian.org, SmartList <debian-announce-request@lists.debian.org>, pkg-mozilla-maintainers@lists.alioth.debian.org, Kontakt@ProSiebenSat1Digital.de
- Cc: spiegel@spiegel.de, kontakt@ccc.de, security@heise.de, SmartList <debian-security-request@lists.debian.org>, info@wdr.de, info@digitalegesellschaft.de, info@digitaleurope.org, debian@alteholz.de, security@heise.de, info@gruene.de, press@securityweek.com, sven@svenhartge.de, freebsd-questions@FreeBSD.org, gnu_andrew@member.fsf.org, rubini@gnu.org, info@resilientsystems.com, usergroups@medialinx-gruppe.de, mail@digitalcourage.de
- Subject: Re: [SECURITY] [DSA 3211-1] iceweasel security update
- From: Weber <kweber33@gmx.de>
- Date: Fri, 08 May 2015 03:47:01 +0200
- Message-id: <[🔎] 554C1595.2000706@gmx.de>
- In-reply-to: <E1YdLDf-0003sZ-89@master.debian.org>
- References: <E1YdLDf-0003sZ-89@master.debian.org>
dear iceweasel team
is it real that the bugs from mozilla and partners will never end?
Dont you think there is a ns-agent at mozilla ? or even some at debian ?
producing bugs and bugs and bugs....
more and more
instead of less....
yes man it is ! Mozilla is a bought IP tracker and sniffer .
IPs going over Google Server,which Mozilla uses for own work.
north korea has 1000 agents
and the us about 5000 or more? china 10 000 ?
Now guess...
for this reason i will ask you to harden iceweasel
and icedove with best sec settings and with best data privacy ,
which i miss until today.
no script is good, but it can be better.
its not good to have a very fat browser changing every months its basic
features and get fatter and fatter, open for more fatter
unsecure apps and modules.
(which are now checked, ok , but not for privacy!
mozilla does not give any possibility in the app store ,that developers
can / Must fill out with privacy and sec options/info.
why? )
privacy is not ,when firefox-Icew. opens any !!! TCP silly app checker
or else after i start it.
and is not ,if google servers are standard in background,
or any other social shit configs in the background users never can read
in front in an easy way,
and is not , if any other soft is loaded while using it.
and is not , if the code is getting a bubble to 80 MB
and no one can find a sec hole in one day.
security and privacy is lost in debian ,too
and in mozilla for many years now.
mozilla dont want to change this,because they are not free
anymore .
this must be changed!
money for programmers is good, but not in this way.
they are big enough to make 200 mio without google.
but they will not. they are in a hidden project as snowden told us.
mozilla adverts in a very unfair way on their website
with privacy, they lie to users,who dont know how to protect themselfs.
mozilla does this special setting behind to hide it from normal users!
thats bad !
and they dont tell the users,what they do with the meta date they
send to THIRD paries!
ask them !
now!
and send us the answer.!
come on.
bug is a program.! bugs ar bought/payed by third partners/agencies
!
fuck this shit.
sorry thats a bad work you do,and i ask you ,why nobody
works against it or nobody wants to get rid of the trackers and
perhaps sniffers.!?
this linux is not the vision of the founders of Linux/GNU for
NON - sniffing , tracking tools !
do it better now, please.
reduce code, delete remote chat app video code ,
reduce any code which is is not stable and we dont need for html sites.
we need no flash shit, no apps , we need
a browser which is secure more than 2 days in the year!
or:
you create a second edition browser , which runs "lighter" and more
secure / undependend as the original.
if you can remember , as i dont know your age,
firefox was working with 1 MB Code in version 1!
it was good enough for the slowest flash/java/video site or other
much badder websites.
now we have 80 times more code!!
and about 20-50 more bugs each year! and very much critical bugs
which can froze a window or remote exploit a debian or windows.
firefox was a very good browser for a starter team ! until they startet
the bug program ,
infiltrating all people on earth as IE does ,as experts write in blogs....
sometimes with the help of adobe flash.
if you dont want to do anything, please leave debian
and let others do this work.
ps.
we know that google sponsors debian too.
they sponsor even german newspapers
to get more profit and rights on the www market !
thats not a way you should copy to GNU Linux.
dont believe , if you type ps -ef , that you see all services
on debian.its infiltrated in many of the 20 000 apps.
some directly work with localhost mozilla engine other web services.
some are called "buffer overflow" on bug lists.
and now tell me how much you get that mozilla and google ist
on debian nr 1.
?
regards
weber
Am 01.04.2015 um 18:10 schrieb Salvatore Bonaccorso:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3211-1 security@debian.org
> http://www.debian.org/security/ Salvatore Bonaccorso
> April 01, 2015 http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : iceweasel
> CVE ID : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815
> CVE-2015-0816
>
> Multiple security issues have been found in Iceweasel, Debian's version
> of the Mozilla Firefox web browser: Multiple memory safety errors,
> use-after-frees and other implementation errors may lead to the
> execution of arbitrary code, the bypass of security restrictions, denial
> of service or cross-site request forgery.
>
> For the stable distribution (wheezy), these problems have been fixed in
> version 31.6.0esr-1~deb7u1.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 31.6.0esr-1.
>
> We recommend that you upgrade your iceweasel packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
>
>
Reply to: