Re: current flash vulnerabilities - what to do?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 16/07/15 03:48 PM, Natu wrote:
> On 07/16/2015 05:10 AM, Ben Oliver wrote:
>> I have to agree with Ralf, you will be fine.
>>
>> I have been flash-free for 18 months now and it's going absolutely fine.
>> Unless you have a penchant for flash games, there's very little reason to
>> have it installed any more.
> 
> I totally support phasing out flash, however, I run firefox inside a
> docker container and then I don't have to worry about these security
> issues since I disgard the running container and reload from the saved
> image daily.
> 
> Natu

You do have to worry unless you don't care about it someone grabbing all
of your active login sessions (cookies), all of the entered form data,
etc. There's a reason for browser sandboxes being per-site-instance
instead of trying to wrap the browser as a whole. Most of the
information the attackers want is in the web browser, or can be obtained
there by grabbing passwords and other information like credit card
numbers as they're entered.

Anyway, local privilege exploits in the Linux kernel are as common as
remote Flash exploits. Docker exposes nearly the entire Linux kernel
attack surface to code in the container. It's not much of a sandbox.

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux