Package: mozilla-firefox
Version: 1.0.4-2
Followup-For: Bug #318061
It seems that a little more information has appeared on that
page now. Code execution through shared function objects
sounds scary.
Why not simply backport 1.0.5? I can't see any major
difference between 1.0.4 and 1.0.5 except for these security
problems. The same goes for all future security updates
they put out (as long as they're only security updates).
Alternatively, is there a simple way of providing an option
to run Firefox in a sandbox, so it can't touch your home
directory and its settings are restored after each session?
(Not restored to factory defaults, but restored as you want
them.) That would mitigate most of the risk, although there
might be some stack-smashing bug that allows trojan sites to
execute arbitrary machine code and potentially break out of
the sandbox by exploiting a 'suid' vulnerability.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.23
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) (ignored: LC_ALL set to
en_GB)
Versions of packages mozilla-firefox depends on:
ii debianutils2.8.4 Miscellaneous utilities specific t
ii fontconfig 2.3.1-2 generic font configuration library
ii libatk1.0-01.8.0-4 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libfontconfig1 2.3.1-2 generic font configuration library
ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib
ii libgcc11:3.4.3-13GCC support library
ii libglib2.0-0 2.6.4-1 The GLib library of C routines
ii libgtk2.0-02.6.4-3 The GTK+ graphical user interface
ii libidl00.8.5-1 library for parsing CORBA IDL file
ii libjpeg62 6b-10 The Independent JPEG Group's JPEG
ii libkrb53 1.3.6-2 MIT Kerberos runtime libraries
ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio
ii libpng12-0 1.2.8rel-1PNG library - runtime
ii libstdc++5 1:3.3.5-13The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-14 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-14 X Window System miscellaneous exte
ii libxft22.1.7-1 FreeType-based font drawing librar
ii libxp6 4.3.0.dfsg.1-14 X Window System printing extension
ii libxt6 4.3.0.dfsg.1-14 X Toolkit Intrinsics
ii psmisc 21.5-1Utilities that use the proc filesy
ii xlibs 4.3.0.dfsg.1-14 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4.sarge.1 compression library - runtime
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]