Bugtraq mailing list archives
Re: [FD] Mozilla extensions: a security nightmare
From: Jakob Holderbaum <hi () jakob io>
Date: Fri, 7 Aug 2015 09:13:04 +0200
I want to stress the point made here. Please continue the rather childish accusations *in private*. On 08/07/2015 08:52 AM, Frank Waarsenburg wrote:
Time to unsubscribe from Bugtraq. I follow that list to be informed of vulnerabilities, not to get spammed by fighting ego's. Get a life. ___________________________________ Frank Waarsenburg Chief Information Security Officer RAM Infotechnology -----Original Message----- From: Steve Friedl [mailto:steve () unixwiz net] Sent: vrijdag 7 augustus 2015 8:17 To: 'Stefan Kanthak'; 'Mario Vilas' Cc: 'bugtraq'; 'fulldisclosure' Subject: RE: [FD] Mozilla extensions: a security nightmarePosting on top because that's where the cursor happens to be is likesh*tt*ng in your pants because that's where your *ssh*l* happens to be! Here, let me fix this for you:"I don't expect to be taking seriously by any technical community"-----Original Message----- From: Stefan Kanthak [mailto:stefan.kanthak () nexgo de] Sent: Thursday, August 06, 2015 12:33 PM To: Mario Vilas Cc: bugtraq; fulldisclosure Subject: Re: [FD] Mozilla extensions: a security nightmare "Mario Vilas" <mvilas () gmail com> wrote:W^X applies to memory protection, completely irrelevant here.I recommend to revisit elementary school and start to learn reading! http://seclists.org/bugtraq/2015/Aug/8 | JFTR: current software separates code from data in virtual memory and | uses "write xor execute" or "data execution prevention" to | prevent both tampering of code and execution of data. | The same separation and protection can and of course needs to be | applied to code and data stored in the file system too!Plus you're saying in every situation when a user can overwrite its own binaries in its own home folder it's a bugAgain: learn to read! <http://seclists.org/bugtraq/2015/Aug/14> | No. Writing executable code is NOT the problem here. | The problem is running this code AFTER it has been tampered. | (Not only) Mozilla but does NOT detect tampered code.- that would make every single Linux distro vulnerable whenever you install some software in your own home directory that only you can use.# mount /home -onoexecIf you're talking about file and directory permissions it makes sense to talk about privilege escalation.No.But I don't think you really understand those security principles you're citing. For example, can you give me an example of an attackscenario? The attack vector is OBVIOUS, exploitation is TRIVIAL.Also, take a chill pill. Your aggressive tone isn't really helping you at all.Posting on top because that's where the cursor happens to be is like sh*tt*ng in your pants because that's where your *ssh*l* happens to be!
-- Jakob Holderbaum, M.Sc. Embedded Software & Test Engineer 0176 637 297 71 http://jakob.io/ http://jakob.io/mentoring/ hi () jakob io @hldrbm
Current thread:
- Re: [FD] Mozilla extensions: a security nightmare, (continued)
- Re: [FD] Mozilla extensions: a security nightmare Bruce A. Peters (Aug 06)
- Re: [FD] Mozilla extensions: a security nightmare Stefan Kanthak (Aug 17)
- Re: [FD] Mozilla extensions: a security nightmare Christoph Gruber (Aug 06)
- Re: [FD] Mozilla extensions: a security nightmare Reindl Harald (Aug 06)
- Re: [FD] Mozilla extensions: a security nightmare Andrew Deck (Aug 06)
- Message not available
- Re: [FD] Mozilla extensions: a security nightmare Stefan Kanthak (Aug 06)
- Message not available
- Re: [FD] Mozilla extensions: a security nightmare Stefan Kanthak (Aug 06)
- Message not available
- Re: [FD] Mozilla extensions: a security nightmare Stefan Kanthak (Aug 06)
- RE: [FD] Mozilla extensions: a security nightmare Steve Friedl (Aug 06)
- RE: [FD] Mozilla extensions: a security nightmare Frank Waarsenburg (Aug 07)
- Re: [FD] Mozilla extensions: a security nightmare Jakob Holderbaum (Aug 07)
- Re: [FD] Mozilla extensions: a security nightmare Teddy A PURWADI (Aug 07)
- Re: [FD] Mozilla extensions: a security nightmare Reindl Harald (Aug 07)