LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A Firefox zero-day vulnerability

A Firefox zero-day vulnerability

Posted Nov 4, 2010 8:37 UTC (Thu) by NikLi (guest, #66938)
In reply to: A Firefox zero-day vulnerability by kripkenstein
Parent article: A Firefox zero-day vulnerability

A complex piece of software is not the excuse.

They've been constantly adding new unsecure features to all WEB 2.0 related standards every day. For example, CSS3 supports "remote fonts" where the fonts that a page should use are specified by an URL in the stylesheet. Imagine how many new interesting vunerability possibilities in the freetype engine this opens!

Excellent record for security? Every week we get a new set of serious firefox vulns. Makes you wonder if there are any undisclosed ones, if the attackers got to them first, if your firefox has been already pwned and clicking on "fetch updates" will fetch backdoors, etc.

Given the paranoid security of browsers, for me the best option is:

qemu running windows XP. In there i run firefox and I have different hard disk images. The "unsecure one" which i don't care and the secure one for credit cards, etc. Hard disk images are deleted monthly and restored from base images.

On linux I use only konqueror and only for very specific pages.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds