Puppy Linux Discussion Forum
important notice to Firefox and Tor users : 0-day exploit
labbe5

Joined: 13 Nov 2013
Posts: 1224
Location: Canada

Posted: Fri 02 Dec 2016, 12:49    Post subject: important notice to Firefox and Tor users : 0-day exploit
Subject description: update to newest version of Tor and Firefox
 

https://nakedsecurity.sophos.com/2016/12/01/firefox-and-tor-users-update-now-0-day-exploit-in-the-wild/?utm_source=Naked+Security+-+Sophos+List&utm_campaign=ea204db679-naked%252Bsecurity&utm_medium=email&utm_term=0_31623bb782-ea204db679-455063009

Updated Firefox and Tor should be :

The version numbers you should see if you are up-to-date are:
• Firefox 50.0.2
• Firefox ESR 45.5.1
• Thunderbird 45.5.1
• Tor Browser 6.0.7 (based on Firefox ESR 45.5.1)

In old versions of Firefox, drive-by installs could occur:

That malware could be ransomware, a keylogger, a password stealer, a zombie to blast out spam, a DDoS attack bot, or any of a number of money-making criminal tools.
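A quick way to compare an installed version against the fixed releases listed in the post above (an added example, not part of the original post). `ver_ge` and `patch_status` are hypothetical helper names, and the sample strings are constructed in the form that `firefox --version` prints.

```shell
#!/bin/sh
# Added example: classify a version string against the fixed releases
# named in the post (50.0.2, ESR 45.5.1, Thunderbird 45.5.1, Tor Browser 6.0.7).

# ver_ge A B: succeeds when dotted version A >= B, compared field by field.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            # Missing fields count as 0, so "51.0" compares like "51.0.0".
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# patch_status "<product and version>": prints up-to-date, outdated or unknown.
patch_status() {
    line=$1
    # First dotted number in the string; a suffix such as "esr" is dropped.
    ver=$(printf '%s\n' "$line" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    case $line in
        *"Tor Browser"*) min=6.0.7 ;;
        *Thunderbird*)   min=45.5.1 ;;
        *Firefox*)
            # Anything numbered 45.x is held to the ESR fix (45.5.1);
            # every other Firefox is held to the release fix (50.0.2).
            case $ver in 45.*) min=45.5.1 ;; *) min=50.0.2 ;; esac ;;
        *) echo unknown; return ;;
    esac
    if ver_ge "$ver" "$min"; then echo up-to-date; else echo outdated; fi
}

# Constructed sample inputs; on a real system pass "$(firefox --version)".
for s in "Mozilla Firefox 50.0.1" "Mozilla Firefox 45.5.1esr" \
         "Thunderbird 45.5.1" "Tor Browser 6.0.6"; do
    printf '%-28s %s\n' "$s" "$(patch_status "$s")"
done
```
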
perdido


Joined: 09 Dec 2013
Posts: 846
Location: ¿Altair IV , Just north of Eeyore Junction.?

Posted: Fri 02 Dec 2016, 18:40

Thanks for that.
It affects Windows, Linux, and Mac operating systems.

It also affects Pale Moon web browser. Pale Moon updated today to version 27.02
https://forum.palemoon.org/viewtopic.php?t=14018



.
bark_bark_bark

Joined: 05 Jun 2012
Posts: 1935
Location: Wisconsin USA

Posted: Fri 02 Dec 2016, 19:09

perdido wrote:
Thanks for that.
It affects Windows, Linux, and Mac operating systems.

It also affects Pale Moon web browser. Pale Moon updated today to version 27.02
https://forum.palemoon.org/viewtopic.php?t=14018



.


Actually it didn't affect PM if you actually read this announcement: https://forum.palemoon.org/viewtopic.php?f=1&t=13984&sid=531a090e4bab21edb922a0ff640bd89b

perdido


Joined: 09 Dec 2013
Posts: 846
Location: ¿Altair IV , Just north of Eeyore Junction.?

Posted: Fri 02 Dec 2016, 19:15

Like your link says, it is extremely unlikely that it affects Pale Moon.

Then the author updated Pale Moon anyway and cited
Quote:
Security fix:
Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure.

CVE-2016-9079 Link Here

Extremely unlikely is not an absolute.

It was extremely unlikely that Trump would win the election, too. Wink

.
TeX Dog

Joined: 06 Jul 2016
Posts: 341

Posted: Sat 03 Dec 2016, 01:05

perdido wrote:
Like your link says, it is extremely unlikely that it affects Pale Moon.

Then the author updated Pale Moon anyway and cited
Quote:
Security fix:
Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure.

CVE-2016-9079 Link Here

Extremely unlikely is not an absolute.

It was extremely unlikely that Trump would win the election, too. Wink

.


Yeah, but most hackers and people in general do not become near forces of nature status that Trump either caused, led, or foresaw or lassoed as it passed. I still do not know either, how so many including myself got it wrong.
belham2

Joined: 15 Aug 2016
Posts: 1520

Posted: Sat 03 Dec 2016, 04:49

TeX Dog wrote:
perdido wrote:
Like your link says, it is extremely unlikely that it affects Pale Moon.

Then the author updated Pale Moon anyway and cited
Quote:
Security fix:
Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure.

CVE-2016-9079 Link Here

Extremely unlikely is not an absolute.

It was extremely unlikely that Trump would win the election, too. Wink

.


Yeah, but most hackers and people in general do not become near forces of nature status that Trump either caused, led, or foresaw or lassoed as it passed. I still do not know either, how so many including myself got it wrong.



{...whack to the forehead!...}

Of course, that's it, I've been wondering and searching for weeks now what happened. Trump is/was a walking-talking bioengineered "zero" day exploit on the collective U.S DNA. 'Splains everythin now Shocked


[edit: spelling of forhead--->forehead]

Last edited by belham2 on Sat 03 Dec 2016, 08:46; edited 1 time in total
8Geee


Joined: 12 May 2008
Posts: 1601
Location: N.E. USA

Posted: Sat 03 Dec 2016, 05:49    Post subject: Firefox remedy
Subject description: Older browsers
 

I would try this on any Firefox browser or derivative.

1.) Disconnect from internet
2.) open FF or derivative browser
3.) in address bar type about:config, click OK
4.) in the search bar type svg
5.) double-click any heading that allows svg to make "false"
6.) Also make sure that "disable svg" types of headers are set to true
7.) In search bar type image
8.) the heading "image.http.accept" must be altered to
image/png,image/jpg,image/jpeg,image/gif;q=0.8,*/*;q=0.5
9.) Close browser, wait 10-20 seconds and open again
a.) if "already running" hang-up present, then restart X
10.) when open, close again after 10-20 seconds
11.) reconnect to internet

EDITED for new step #8 as firefox by default allows any type of image. By specifying these types of images, SVG is not listed as "accept".

HTH 4Now
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.

Last edited by 8Geee on Sat 03 Dec 2016, 21:42; edited 3 times in total
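What the Accept value from step 8 tells a server, as an added example that is not part of the original post: `accept_q` (a hypothetical helper) applies the HTTP content-negotiation rule that the most specific matching media range decides the quality value, and it works for any Accept header, not only this one. The header is a preference sent with requests, not a rendering control, and the value from step 8 still ends in `*/*;q=0.5`.

```shell
#!/bin/sh
# Added example: compute the quality value an Accept header assigns to a
# media type. Precedence: exact type > "type/*" > "*/*"; no match gives 0.

accept_q() {
    awk -v hdr="$1" -v want="$2" 'BEGIN {
        hdr = tolower(hdr); want = tolower(want)
        split(want, w, "/")
        best = 0; q = 0
        n = split(hdr, item, ",")
        for (i = 1; i <= n; i++) {
            m = split(item[i], part, ";")
            range = part[1]; gsub(/[ \t]/, "", range)
            qv = 1                      # q defaults to 1 when absent
            for (j = 2; j <= m; j++) {
                p = part[j]; gsub(/[ \t]/, "", p)
                if (p ~ /^q=/) qv = substr(p, 3) + 0
            }
            if (range == want)               rank = 3
            else if (range == (w[1] "/*"))   rank = 2
            else if (range == "*/*")         rank = 1
            else                             rank = 0
            if (rank > best) { best = rank; q = qv }
        }
        print q
    }'
}

# The value given in step 8 of the post.
STEP8='image/png,image/jpg,image/jpeg,image/gif;q=0.8,*/*;q=0.5'

for t in image/png image/gif image/svg+xml; do
    printf '%-15s q=%s\n' "$t" "$(accept_q "$STEP8" "$t")"
done
# Same list without the trailing wildcard (constructed variant for comparison).
printf '%-15s q=%s (no wildcard)\n' image/svg+xml \
    "$(accept_q 'image/png,image/jpg,image/jpeg,image/gif;q=0.8' image/svg+xml)"
```
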
souleau


Joined: 23 Oct 2016
Posts: 125

Posted: Sat 03 Dec 2016, 06:29

But SVG's are really nothing more than XML code, right?!

So, like, is this memory block allocation a specific function that only gets to be performed when it concerns SVG, or does this also occur with other XML objects?

In other words, is this an SVG problem, or an XML problem?
belham2

Joined: 15 Aug 2016
Posts: 1520

Posted: Sat 03 Dec 2016, 08:48

souleau wrote:
But SVG's are really nothing more than XML code, right?!

So, like, is this memory block allocation a specific function that only gets to be performed when it concerns SVG, or does this also occur with other XML objects?

In other words, is this an SVG problem, or an XML problem?


souleau,

Unfortunately (for all of us), you asked and answered the question. It is an XML problem.....which I think you know what that means Sad
Burn_IT


Joined: 12 Aug 2006
Posts: 3143
Location: Tamworth UK

Posted: Sat 03 Dec 2016, 09:04

"Extremely unlikely" does not work once a bug is known.
It may have been unlikely to have happened by chance, but once it has been published all sorts of "kiddies" will be playing with it.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett