Fedora Security :: Still No Security Patched Firefox 3.5.1 In Yum / Get That?
Jul 18, 2009
Firefox 3.5 has a critical java script vulnerability as noted in the recent news. I had to manually update to 3.5.1 using the mozilla tarball because there's still no Firefox 3.5.1 in Fedora Updates or even Fedora Updates Testing repositories. Is this normal? I didn't want to resort to using the mozilla one because now I can't use flash (my system is 64 bit and mozilla only seems to offer a 32bit tar file of Firefox) and having two Firefoxs means dealing with the ProfileManager, separate bookmarks and so on.
I'm trying to find out if I'm just looking in the wrong place, I tried the normal mirrors for "updates" for Fedora 11 and then updates-testing and also the baseurl for "updates" to get rid of the mirror update delay. None of them seem to have 3.5.1 ?
View 3 Replies
ADVERTISEMENT
Apr 8, 2010
Does anyone know when we'll see Firefox 3.0.19 packaged for 8.04 LTS? I'm still stuck at 3.0.18. And what will happen after this? My understanding is that after .19 Mozilla is dropping support for FF 3.0.
Upgrade policies not withstanding, I find it rather annoying when an "LTS" release doesn't keep up with the most security-critical package in the distro, the browser. 8.04 LTS should have moved to FF 3.5+ a *long* time ago. Now it seems it will be forced to do so or else just forget about browser updates for the last year of 8.04?
I know I can install the current Firefox with ubuntuzilla, I just keep wishing Ubuntu would do it for me.
View 9 Replies
View Related
May 9, 2010
Using slackware 12.2, xfce, Firefox 3.0.16 and for the past few days i have been getting Persistent System Security Window that looks like MS Firewall and you can't click on the X or Cancel because then it activates a so called security analysis with green progress bar. I open a terminal real quick and issue pkill firefox command.I have been trying to get to the basicconfig site to follow tutorial on firefox security update but that window keeps comming back.I emptied out my /tmp files but i am still having same problem and don't know what to do
View 4 Replies
View Related
May 11, 2009
I am new to Fedora 10, and to SELinux too.
I would like to know how can I prevent from users with role user_r to connect to Internet with firefox.
View 2 Replies
View Related
Jan 10, 2010
Browser can't find server at att.yahoo.com so no internet. My folding at home client with Stanford can't download {an upload went ok}. I have 2 other fedora boxes & 3 windows boxes thru the same router and they are all fine.
I can manually ping Stanford ok,
Add/remove software within fed. works ok.
I can type in 192.168.0.1 & get the page for my router
The only thing I did between working & not working was to install
Nvidia Cuda driver for my GTX275
My guess is something in the firewall got tweaked. but I've compared it to 2 working boxes & nothing jumps out at me.
View 5 Replies
View Related
May 22, 2011
love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies
View Related
Apr 13, 2011
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
View 5 Replies
View Related
Apr 7, 2009
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies
View Related
Apr 8, 2009
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies
View Related
May 30, 2010
Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.
View 14 Replies
View Related
Jun 10, 2009
Anyone running fedora 11 have any luck getting a smart card reader added as a security device under firefox?
Specifically from firefox: Edit-Preferences-Advanced-Encryption tab-Security_Devices-Load;
Enter arbitrary name and "/usr/lib64/libcoolkeypk11.so" as the module.
This worked fine in fedora10 and was the necessary step to getting a card reader to work with firefox. In fedora11 (with firefox beta) the browser just comes back with nothing, it doesn't even respond. Note I am familiar with the concept of pki and certificates as well as certutil, pkcs11_inspect, pklogin_finder, etc. Also note utlities like pkcs11_inspect and pklogin_finder and esc all work and communicate with the reader and read the contents of the card but smart card login configured via the authentication applet (as working in fedora 10) is not working either.
View 3 Replies
View Related
Oct 10, 2009
If I leave the computer running for a few minutes without doing anything on it, this screen appears demanding that I enter my password, otherwise I can't get back to Fedora. I understand the necessity for this security feature in a work environment, but I'm just a home user and this security screen is just a nagging problem I don't know how to get rid of.
View 1 Replies
View Related
Jul 19, 2011
I just putup the fedora15 on my PC. there are several msg coming up from selinux saying permission denied, though I am not doing any administrative activity. the PC being a workstation for reaserch. how can I know the denial is for an security intrusion attempt. how can I set conditions to see the logs of all security intrusions. how can I set exclusive msg-ing from selinux that the denial is for a security intrusion attempt.
View 5 Replies
View Related
Aug 3, 2009
Problem that may require several tools available on Fedora. I don't know if its possible or not.
Given: Surveillance video box based on Fedora & Zoneminder. Internet connection is via a private 10.x.x.x network connection to the local phone company/ISP. That's the only connection available and they are the only ISP in the area. The ISP uses NAT to ultimately provide a routeable IP address, but that only works on outbound initiated traffic.
Problem: How can someone out on the Internet hit this box? i.e Is there any way to rig a method that will ultimately allow a connection initiated from the Internet to see the surveillance video that this box has stored via an http session?
I thought of one idea but don't have the tools to implement it. User sends an email to a server out on the Net somewhere. Surveillance box retrieves mail ever minute. The mail contains the users IP address. Surveillance box sends an outbound packet to that IP address to get NAT functional. The users box then uses that address to hit the box on the private network. The snag with this is that NAT is specific to ports, and I have no sway over the ISP's NAT capability.
Is there any way to push an http session outbound to the waiting end user? i.e. initiate a push of http traffic from the private box to the end user?
View 5 Replies
View Related
Nov 24, 2009
Does any one knows how to set an schedule for fire fox to terminate loading some IP. or restricting people to accessing some websites from your system..?I mean to set some restriction option to Fire Fox for third party..
View 4 Replies
View Related
Aug 26, 2009
I would like to maximise security on an FC 10 box. I had come across some scripts that perform a host of security tests and let me know recommendations on what all needs to be done. Dont seem to remember what they were called. Has any one tried any such stuff on FC10 recently? which scripts or suites you would recommend for this purpose...
View 2 Replies
View Related
Jan 5, 2010
I was reading that Arch does not provide security updates, but just provides security by keeping with up-to-date software...So what is in a security update and what does it patch? The kernel?
View 10 Replies
View Related
Mar 2, 2010
FYI Security Spin.
[url]
"...The Fedora Security Spin provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations. The spin is maintained by a community of security testers and developers. It comes with the clean and fast LXDE Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system. The Live image has been crafted to make it possible to install software while running, and if you are running it from a USB stick created with the LiveUSB Creator's overlay feature, you can install and update software and save your test results permanently..."
About Security Spin -
[url]
Available Apps of Security Spin -
[url]
View 9 Replies
View Related
Jun 3, 2010
Using SMB to access a windows machine through port 139/445 is great, but how can this be used to exploit the system?I know this is gonna get flamed for the nature of hacking, but i'm trying to pen my own windows box with my sec spin of fedora (tried backtrack but didnt like the feel of it, so got the GNOME-security spin)I'm trying to find a way to open up c$ without sitting at my win box and sharing it.
View 1 Replies
View Related
Jun 29, 2010
I ran the LiveCD of Fedora SecurityLab and noticed these ports open, 111,631, 34526.How can I close them and what runs behind them. I know 111 is rpcbind, 631 ipp and 34526 is unknown.
View 4 Replies
View Related
Mar 31, 2011
I just preparing some presentations and was wondering what the most interresting Tools on the FSL would be. There are many, many everybody would use, but what would be the lets say "most wanted" Tools on the fedora Security Suite aka FSL?! Without what Tool you could not work?
View 2 Replies
View Related
Jun 14, 2010
Newbie here,
I'm thinking of moving mostly to linux to get away from the security holes in Windows. And I have some questions...
How secure is Firefox for doing online banking?
Sometimes I have run into a situation where the bank doesn't support anything but Windows explorer when accessing my accounts. Can this be gotten around safely in Linux?
If so, How?
View 9 Replies
View Related
Aug 16, 2010
There is a lot of talk regarding the Zeus Trojan at the moment.
Are we safe if we use The Live CD and Firefox?
View 7 Replies
View Related
Apr 11, 2011
I followed instructions for installing vidalia and polipo and everything seems to be working ok, but I cannot connect to tor from firefox using torbutton. I didn't edit configurations other than downloaded those for polipo, as described in the link above.I read that somebody got it working with foxyproxy better than torbutton, but torbutton is customised specifically to enhance tor, so I'd prefer to use it unless there issomething better.torbutton test fails with: Quote:Tor proxy test: Local HTTP Proxy is unreachable. Is Polipo running properly?Message log from tor:
Code:
Apr 11 00:39:51.187 [Notice] Tor v0.2.1.30. This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
[code]...
View 5 Replies
View Related
Mar 27, 2011
Is there a plugin or some other way to check to see if a website has https available, and use that instead? I know some sites, like Wikipedia have a different hostname for SSL support while others have the same hostname, just What I would really like to seesome kind of header in the http reply or the html that saysSecureAvailable= is there any system like this in place? There's too many issues with with unencrypted http to continue having that as the default.
View 3 Replies
View Related
Jan 12, 2010
im using firefox 3.5.7 with ubuntu 9.10 but firefox since 3.5.6 and 3.5.7 keeps crashing a lot-just now it crashed my entire system-the whole screen went black. So to that end is use of opera or chrome secure for ubuntu?
View 9 Replies
View Related
Mar 25, 2010
Having read how a private company is providing governments (and probably criminals) with a box that can listen in on SSL traffic by the use of forged CA certificates - [URL]. It turns out there's already a forged certificate in Firefox 3.6.
Go to Edit>Preferences>Advanced>Encryption>View Certificates and look for 'Equifax Secure Inc.' - You should see a proof-of-concept rogue certificate called 'MD5 Collisions Inc.' and a link to phreedom which explains the method used to generate it. That little lock doesn't necessarily mean that you're safe...
View 4 Replies
View Related
Apr 28, 2010
Anyone set up an Apparmor profile for Firefox?
View 9 Replies
View Related
Jun 6, 2010
I don`t know how did that happen but now after reboot my firefox starts with pocker and porno web-pages. I don`t play pocker, never did. Yes, a couple of times I did watch... But I didn`t install or change anything (extentions or add-ons) in firefox. I acrually didn`t change anything in system and now firefox starts up with those adverts. In settings of firefox I have "show last opened pages". Of course I didn`t close ever my firefox with a couple of adverts. And it does only after reboot. So, if I close it now and open again it will show the last pages. But after reboot ... Well, if I saw something like that in windows I`d think that there is a virus or something else like adverts-virus but I`m in kubuntu. Kubuntu 10.04.
View 4 Replies
View Related
Jul 11, 2010
For a while now, firefox has been prompting gnome-keyring (twice)
There is one applet i know of on my system that wants me to enter my keyring pw twice "CPU Frequency Scaling Monitor" (i have a core2-duo cpu, a monitor for each cpu), but i have no clue why ff would be invoking a change in how ubuntu controls that app.
Is there any way of finding out, which application (or perhaps an add-on?) is actually asking for my keyring-pw (the input window just says "an application..." not like e.g. "synaptic package manager...".
View 4 Replies
View Related
