important notice to Firefox and Tor users : 0-day exploit
https://nakedsecurity.sophos.com/2016/1 ... -455063009
Updated Firefox and Tor should be:
The version numbers you should see if you are up-to-date are:
• Firefox 50.0.2
• Firefox ESR 45.5.1
• Thunderbird 45.5.1
• Tor Browser 6.0.7 (based on Firefox ESR 45.5.1)
In old versions of Firefox, drive-by installs could occur:
That malware could be ransomware, a keylogger, a password stealer, a zombie to blast out spam, a DDoS attack bot, or any of a number of money-making criminal tools.
- perdido
- Posts: 1528
- Joined: Mon 09 Dec 2013, 16:29
- Location: ¿Altair IV , Just north of Eeyore Junction.?
Thanks for that.
It affects Windows, Linux, and Mac operating systems.
It also affects Pale Moon web browser. Pale Moon updated today to version 27.02
https://forum.palemoon.org/viewtopic.php?t=14018
.
-
- Posts: 1885
- Joined: Tue 05 Jun 2012, 12:17
- Location: Wisconsin USA
Actually it didn't affect PM if you actually read this announcement: https://forum.palemoon.org/viewtopic.ph ... ff640bd89b
perdido wrote:Thanks for that.
It affects Windows, Linux, and Mac operating systems.
It also affects Pale Moon web browser. Pale Moon updated today to version 27.02
https://forum.palemoon.org/viewtopic.php?t=14018
.
....
- perdido
- Posts: 1528
- Joined: Mon 09 Dec 2013, 16:29
- Location: ¿Altair IV , Just north of Eeyore Junction.?
Like your link says, it is extremely unlikely that it affects Pale Moon.
Then the author updated Pale Moon anyway and cited
CVE-2016-9079 Link Here
Security fix:
Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure.
Extremely unlikely is not an absolute.
It was extremely unlikely that Trump would win the election, too.
.
Yeah but most hackers and people in general do not become near forces of nature status that Trump either caused, led, or foresaw or lasso-ed as it passed. I still do not know either, how so many including myself got it wrong.
perdido wrote:Like your link says, it is extremely unlikely that it affects Pale Moon.
Then the author updated Pale Moon anyway and cited
CVE-2016-9079 Link Here
Security fix:
Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure.
Extremely unlikely is not an absolute.
It was extremely unlikely that Trump would win the election, too.
.
TeX Dog wrote:Yeah but most hackers and people in general do not become near forces of nature status that Trump either caused, led, or foresaw or lasso-ed as it passed. I still do not know either, how so many including myself got it wrong.
perdido wrote:Like your link says, it is extremely unlikely that it affects Pale Moon.
Then the author updated Pale Moon anyway and cited
CVE-2016-9079 Link Here
Security fix:
Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure.
Extremely unlikely is not an absolute.
It was extremely unlikely that Trump would win the election, too.
.
{...whack to the forehead!...}
Of course, that's it, I've been wondering and searching for weeks now what happened. Trump is/was a walking-talking bioengineered "zero" day exploit on the collective U.S. DNA. 'Splains everythin now
[edit: spelling of forhead--->forehead]
Last edited by belham2 on Sat 03 Dec 2016, 12:46, edited 1 time in total.
Firefox remedy
I would try this on any Firefox browser or derivative.
1.) Disconnect from internet
2.) open FF or derivative browser
3.) in address bar type about:config, click OK
4.) in the search bar type svg
5.) double-click any heading that allows svg to make "false"
6.) Also make sure that "disable svg" types of headers are set to true
7.) In search bar type image
8.) the heading "image.http.accept" must be altered to
image/png,image/jpg,image/jpeg,image/gif;q=0.8,*/*;q=0.5
9.) Close browser, wait 10-20 seconds and open again
a.) if "already running" hang-up present, then restart X
10.) when open, close again after 10-20 seconds
11.) reconnect to internet
EDITED for new step #8, as Firefox by default allows any type of image. By specifying these types of images, SVG is not listed as "accept".
HTH 4Now
8Geee
Last edited by 8Geee on Sun 04 Dec 2016, 01:42, edited 3 times in total.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
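An added example, not code from this thread or from Mozilla: the Python below reads a constructed `prefs.js` sample holding the step 8 value and computes the quality that `image.http.accept` assigns to `image/svg+xml` under RFC 7231 Accept matching. The sample file contents and all function names are assumptions made for illustration.

```python
import re

# Constructed sample of a profile's prefs.js after step 8 (not from a real profile).
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("image.http.accept", "image/png,image/jpg,image/jpeg,image/gif;q=0.8,*/*;q=0.5");
'''

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

def read_prefs(text):
    """Return {name: value} for user_pref() lines; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs

def parse_accept(header):
    """Split an Accept value into (type, subtype, q) media ranges; q defaults to 1."""
    ranges = []
    for item in header.split(","):
        media, _, params = item.strip().partition(";")
        if "/" not in media:
            continue  # skip malformed entries
        typ, sub = media.strip().lower().split("/", 1)
        m = re.search(r"(?:^|;)\s*q=([01](?:\.\d{0,3})?)", params, re.I)
        ranges.append((typ, sub, float(m.group(1)) if m else 1.0))
    return ranges

def quality_for(media_type, header):
    """q the header gives media_type; the most specific matching range wins."""
    typ, sub = media_type.lower().split("/", 1)
    for want in ((typ, sub), (typ, "*"), ("*", "*")):
        for r_typ, r_sub, q in parse_accept(header):
            if (r_typ, r_sub) == want:
                return q
    return 0.0  # no range matches: the type is not acceptable

def svg_quality(prefs_text):
    """q for image/svg+xml under image.http.accept, or None if the pref is unset."""
    value = read_prefs(prefs_text).get("image.http.accept")
    return None if value is None else quality_for("image/svg+xml", value)
```

With the `*/*;q=0.5` entry present, `svg_quality(SAMPLE_PREFS)` is 0.5, so `image/svg+xml` still matches the wildcard at lower preference. Accept is a request header used for content negotiation with the server.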
souleau,
souleau wrote:But SVG's are really nothing more than XML code, right?!
So, like, is this memory block allocation a specific function that only gets to be performed when it concerns SVG, or does this also occur with other XML objects?
In other words, is this an SVG problem, or an XML problem?
Unfortunately (for all of us), you asked and answered the question. It is an XML problem.....which I think you know what that means