Hi everyone,
A serious vulnerability was found in Firefox yesterday (in the PDFjs module).
You will find more details at:
- https://www.mozilla.org/en-US/security/ … sa2015-78/
- https://blog.mozilla.org/security/2015/ … -the-wild/
The second link mentions that an exploit already existed before Mozilla was informed about this problem, and this exploit was found to read the ssh files among others.
The Arch Linux repo already contains a fixed version of Firefox (39.0.3-1).
Note for moderators: I am not sure whether the Arch Linux forum is the right place for this topic; many security blogs and websites have already published about this, but I thought quite a lot of us might be interested in this issue. Please feel free to close the topic if you wish.
We have https://wiki.archlinux.org/index.php/CVE which does link to https://www.mozilla.org/en-US/security/ … sa2015-78/ that you posted.
See also arch-security mailing list.
Last edited by karol (2015-08-07 19:12:53)
Moved to Announcements, Package and Security Advisories
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
If you want information like this, you are better off following the arch-security mailing list.
Thanks for the pointer, I did register for the mailing list.
Moved to Announcements, Package and Security Advisories
You are aware that this category also goes to Planet Archlinux?
ewaller wrote: Moved to Announcements, Package and Security Advisories
You are aware that this category also goes to Planet Archlinux?
Good catch. I've recently unsubscribed from the Arch Linux Planet and missed it / forgot.
I unsubscribed from the 'Other Languages' forum section and a thread I was interested in was started there. The gods hate me.
If you want information like this, you are better off following the arch-security mailing list.
I'd actually post a news item about it on archlinux.org instead and encourage users to update Firefox. Serious security vulnerabilities affect all users, but not everyone follows security mailing lists. I'd argue that it's the responsibility of those who do to alert the general population when something this serious comes up.
not everyone follows security mailing lists
https://lists.archlinux.org/pipermail/arch-security/ is not exactly high volume, so I guess those people don't want security info.
You already have somebody listing vulnerabilities and fixing them; all you have to do is read them and follow the suggestions included.