On 8/7/15, intrigeri <intrig...@boum.org> wrote: > Hi, > > that is: > > https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ > https://security-tracker.debian.org/tracker/CVE-2015-4495 > > ... apparently only affect Firefox 38.x, so current Tails stable > (1.4.1) is not affected. Most likely Tails 1.5~rc1 is affected, but > our AppArmor policy should mitigate the worst possible consequences, > so I doubt it's worth adding to the RC announce's known > issues section. > > If anyone has more insight or disagrees, let me know. >
I've heard that the exploit in the wild doesn't work against esr31 - I haven't heard that it isn't impacted at all. The bad news is that it isn't fixed in esr31 - so while they have fixes in for ff38 - it isn't because that was the only problematic version. :-( ( I think the apparmor profile may contain some of the worst aspects but only until an attacker figures out how to make a hard link. That is not a super high bar for code execution but will at least stop random files from being included without a multi-bug payload. ) All the best, Jacob _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
