greets.
tho this is off-topic for this list, it is still a bug that centos users along with all users of firefox should be aware of.
due to nature of bug and what is involved, i believe it safer to not go into great details in an open list. never know which 'hats' are subscribed to support list. :-D
so my question is just who should i inform of problem?
mozilla.org? author of add-on? cve.mitre.org? all 3?
tia.
On Wed, Mar 9, 2016 at 1:38 PM, g geleem@bellsouth.net wrote:
greets.
tho this is off-topic for this list, it is still a bug that centos users along with all users of firefox should be aware of.
What version of CentOS and Firefox?
due to nature of bug and what is involved, i believe it safer to not go into great details in an open list. never know which 'hats' are subscribed to support list. :-D
so my question is just who should i inform of problem?
mozilla.org? author of add-on? cve.mitre.org? all 3?
Author of the add-on would be my first stop.
If it turns out to be a larger bug affecting more than just that add-on, hopefully the add-on author will run it up the chain to Mozilla.
tia.
-- peace out.
If Bill Gates got a dime for every time Windows crashes... ...oh, wait. He does. THAT explains it! -+- in a world without fences, who needs gates.
CentOS GNU/Linux 6.7
tc,hago.
g .
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 03/09/16 12:46, Mike - st257 wrote:
On Wed, Mar 9, 2016 at 1:38 PM, g geleem@bellsouth.net wrote:
<<>>
What version of CentOS and Firefox?
--
centos 6.7, firefox 38.6.1.
<<>>
so my question is just who should i inform of problem?
mozilla.org? author of add-on? cve.mitre.org? all 3?
Author of the add-on would be my first stop.
If it turns out to be a larger bug affecting more than just that add-on, hopefully the add-on author will run it up the chain to Mozilla.
--
reason in bringing this up is if a hacker hacks someone's system and has knowledge of bug, he most likely will have disassembled add-on and knows what he needs to know to cause serious problems.
at first, i thought author. after posting and more thought time, authors tend to be too lax in testing and slow in fixing.
as for mozilla.org, their attitude has become 'not fixable, upgrade to later version', which in many cases is not doable.
with cve.mitre.org, they just might issue a 'CESA' to remove add-on and reinstall firefox, do not use add-on until bug is fixed.
On 09/03/16 19:11, g wrote:
On 03/09/16 12:46, Mike - st257 wrote:
On Wed, Mar 9, 2016 at 1:38 PM, g geleem@bellsouth.net wrote:
<<>>
What version of CentOS and Firefox?
--
centos 6.7, firefox 38.6.1.
Does it affect the latest version of Firefox just released:
firefox-38.7.0-1.el6_7
Is the bug in Firefox or the add-on?
If the bug is in Firefox, then I would report it to Red Hat. CentOS will not fix bugs, security or otherwise, as the policy is to rebuild RHEL, bugs and all.
<<>>
so my question is just who should i inform of problem?
mozilla.org? author of add-on? cve.mitre.org? all 3?
Author of the add-on would be my first stop.
If it turns out to be a larger bug affecting more than just that add-on, hopefully the add-on author will run it up the chain to Mozilla.
--
reason in bringing this up is if a hacker hacks someone's system and has knowledge of bug, he most likely will have disassembled add-on and knows what he needs to know to cause serious problems.
at first, i thought author. after posting and more thought time, authors tend to be too lax in testing and slow in fixing.
as for mozilla.org, their attitude has become 'not fixable, upgrade to later version', which in many cases is not doable.
with cve.mitre.org, they just might issue a 'CESA' to remove add-on and reinstall firefox, do not use add-on until bug is fixed.
On 03/09/16 14:28, Ned Slider wrote:
On 09/03/16 19:11, g wrote:
<<<>>>
Does it affect the latest version of Firefox just released:
firefox-38.7.0-1.el6_7
Is the bug in Firefox or the add-on?
If the bug is in Firefox, then I would report it to Red Hat. CentOS will not fix bugs, security or otherwise, as the policy is to rebuild RHEL, bugs and all.
--
as it now stands with firefox 38.7.0, bug is still there.
because of what is happening, it _is_ the add-on.
checked mozilla site to see who author is. he is a mozilla program developer. which does not surprise me.
after giving much thought to bug and what could result, i am sending notice to RHEL, mozilla and CVE.
if bug is not fixed within a very few days, i just might inform some of the computer news people and just for fun of it, Homeland Security.
why Homeland Security? simple, there are most likely a lot of .gov officials using firefox on their oos computers. and we all know how easy it is to get into oos. ((GBWG))