Package: mozilla-firefox
Version: 1.0.4-2
Followup-For: Bug #318061

It seems that a little more information has appeared on that page now. "Code execution through shared function objects" sounds scary. Why not simply backport 1.0.5? I can't see any major difference between 1.0.4 and 1.0.5 except for these security problems. The same goes for all future security updates they put out (as long as they're only security updates).

Alternatively, is there a simple way of providing an option to run Firefox in a sandbox, so it can't touch your home directory and its settings are restored after each session? (Not restored to factory defaults, but restored as you want them.) That would mitigate most of the risk, although there might be some stack-smashing bug that allows trojan sites to execute arbitrary machine code and potentially break out of the sandbox by exploiting a 'suid' vulnerability.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.23
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) (ignored: LC_ALL set to en_GB)

Versions of packages mozilla-firefox depends on:
ii  debianutils     2.8.4              Miscellaneous utilities specific t
ii  fontconfig      2.3.1-2            generic font configuration library
ii  libatk1.0-0     1.8.0-4            The ATK accessibility toolkit
ii  libc6           2.3.2.ds1-22       GNU C Library: Shared libraries an
ii  libfontconfig1  2.3.1-2            generic font configuration library
ii  libfreetype6    2.1.7-2.4          FreeType 2 font engine, shared lib
ii  libgcc1         1:3.4.3-13         GCC support library
ii  libglib2.0-0    2.6.4-1            The GLib library of C routines
ii  libgtk2.0-0     2.6.4-3            The GTK+ graphical user interface
ii  libidl0         0.8.5-1            library for parsing CORBA IDL file
ii  libjpeg62       6b-10              The Independent JPEG Group's JPEG
ii  libkrb53        1.3.6-2            MIT Kerberos runtime libraries
ii  libpango1.0-0   1.8.1-1            Layout and rendering of internatio
ii  libpng12-0      1.2.8rel-1         PNG library - runtime
ii  libstdc++5      1:3.3.5-13         The GNU Standard C++ Library v3
ii  libx11-6        4.3.0.dfsg.1-14    X Window System protocol client li
ii  libxext6        4.3.0.dfsg.1-14    X Window System miscellaneous exte
ii  libxft2         2.1.7-1            FreeType-based font drawing librar
ii  libxp6          4.3.0.dfsg.1-14    X Window System printing extension
ii  libxt6          4.3.0.dfsg.1-14    X Toolkit Intrinsics
ii  psmisc          21.5-1             Utilities that use the proc filesy
ii  xlibs           4.3.0.dfsg.1-14    X Keyboard Extension (XKB) configu
ii  zlib1g          1:1.2.2-4.sarge.1  compression library - runtime

-- no debconf information