Re: OT Firefox security leak: bogus or genuine?

To: debian-user@lists.debian.org
Subject: Re: OT Firefox security leak: bogus or genuine?
From: David Burgess <apt.get@gmail.com>
Date: Tue, 10 May 2005 16:51:59 -0600
Message-id: <[🔎] 1115765519.1799.18.camel@localhost>
In-reply-to: <[🔎] 428139FE.50403@fastmail.fm>
References: <[🔎] d5r2d8$upe$1@sea.gmane.org> <[🔎] 428139FE.50403@fastmail.fm>

On Tue, 2005-05-10 at 18:47 -0400, [KS] wrote:

> Here is the official security advisory link from mozilla.org
> http://www.mozilla.org/security/announce/mfsa2005-42.html
> 
> You should be fine as long as you haven't added any website to the
> whitelist to install software except the official update website.
> 
> /KS
> 

Not so. From the "Workaround" section of the advisory:

"4. Click the "Remove All Sites" button"

The problem is that any site can install software as long as there is at
least a single site on the whitelist. You are vulnerable until you clear
the whitelist completely.

dB

Reply to:

Follow-Ups:
- Re: OT Firefox security leak: bogus or genuine?
  - From: "[KS]" <lists04@fastmail.fm>

References:
- OT Firefox security leak: bogus or genuine?
  - From: Jonathan Kaye <jonathan.kaye@univie.ac.at>
- Re: OT Firefox security leak: bogus or genuine?
  - From: "[KS]" <lists04@fastmail.fm>

Prev by Date: Re: Is 64MB enough?
Next by Date: Re: change dma mode?
Previous by thread: Re: OT Firefox security leak: bogus or genuine?
Next by thread: Re: OT Firefox security leak: bogus or genuine?
Index(es):
- Date
- Thread