Re: Firefox 4 repo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Firefox 4 repo
From: "Christofer C. Bell" <christofer.c.bell@xxxxxxxxx>
Date: Mon, 19 Jul 2010 02:17:18 -0500
Delivered-to: users@xxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <4C43F50B.8010307@xxxxxxxxx>
List-archive: <http://lists.fedoraproject.org/pipermail/users>
List-help: <mailto:[email protected]?subject=help>
List-id: Community support for Fedora users <users.lists.fedoraproject.org>
List-post: <mailto:[email protected]>
List-subscribe: <https://admin.fedoraproject.org/mailman/listinfo/users>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://admin.fedoraproject.org/mailman/listinfo/users>, <mailto:[email protected]?subject=unsubscribe>
References: <1279465915.4260.2.camel@xxxxxxxxxxxxxxxxxx> <4C4319EB.5000107@xxxxxxxxx> <1279498238.2946.1.camel@xxxxxxxxxxxxxxxxxx> <4C4398DA.2050006@xxxxxxxxx> <1279499921.2946.2.camel@xxxxxxxxxxxxxxxxxx> <4C43A229.4090707@xxxxxxxxx> <4C43A58B.6000006@xxxxxxxxx> <4C43B4BE.5000907@xxxxxxxxx> <4C43BB92.7040002@xxxxxxxxx> <4C43BFC4.4010907@xxxxxxxxx> <4C43C4E5.5000609@xxxxxxxxx> <4C43CA18.1090303@xxxxxxxxx> <4C43CCEB.8060705@xxxxxxxxx> <4C43D0F3.6020701@xxxxxxxxx> <4C43D77C.2060301@xxxxxxxxx> <4C43E741.1000205@xxxxxxxxx> <4C43ECD5.4030401@xxxxxxxxx> <4C43EF9E.3040005@xxxxxxxxx> <4C43F50B.8010307@xxxxxxxxx>
Reply-to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx

On 7/19/10, Suvayu Ali <fatkasuvayu+linux@xxxxxxxxx> wrote:

I have a copy of the "buggy" 64 bit flash(10.0.45), and it works with
the fedora version of FF 3.6 very well. I am having a problem with _all_
my plugins when I use the tarball. I guess I'll have to give up my wish
to test the beta release of FF. :-\

It's not so much "buggy" as it contains an actively exploited security vulnerability that can lead to remote compromise of your computer.

"A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat."[1]

"Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010."[2]

So yes, the software "works well" in much the same way that "an unpatched Windows XP works well" but leaves you open to compromise. Note the key sentence here: "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat."

I'm not sure I'd have such a caviler attitude toward it as you.

[1] http://www.adobe.com/support/security/advisories/apsa10-01.html
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297

--
Chris

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Follow-Ups:
- Re: Firefox 4 repo
  - From: JD
- Flash on 64 bit systems (was Re: Firefox 4 repo)
  - From: Suvayu Ali

References:
- Firefox 4 repo
  - From: Mike Chambers
- Re: Firefox 4 repo
  - From: Athmane Madjoudj
- Re: Firefox 4 repo
  - From: Mike Chambers
- Re: Firefox 4 repo
  - From: Athmane Madjoudj
- Re: Firefox 4 repo
  - From: Mike Chambers
- Re: Firefox 4 repo
  - From: Athmane Madjoudj
- Re: Firefox 4 repo
  - From: JD
- Re: Firefox 4 repo
  - From: Suvayu Ali
- Re: Firefox 4 repo
  - From: JD
- Re: Firefox 4 repo
  - From: Suvayu Ali
- Re: Firefox 4 repo
  - From: David
- Re: Firefox 4 repo
  - From: JD
- Re: Firefox 4 repo
  - From: David
- Re: Firefox 4 repo
  - From: JD
- Re: Firefox 4 repo
  - From: Suvayu Ali
- Re: Firefox 4 repo
  - From: JD
- Re: Firefox 4 repo
  - From: Suvayu Ali
- Re: Firefox 4 repo
  - From: JD
- Re: Firefox 4 repo
  - From: Suvayu Ali

Prev by Date: Re: User password trouble - SOLVED -
Next by Date: Re: RAID adventures
Previous by thread: Re: Firefox 4 repo
Next by thread: Flash on 64 bit systems (was Re: Firefox 4 repo)
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux