[OpenIndiana-discuss] Firefox security
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Sat Nov 17 18:38:34 UTC 2012
On Sat, 17 Nov 2012, Gary Driggs wrote:
> I see this question asked regularly... Generally speaking, the vast
> majority of browser exploits in the wild target windows browsers or
> their plugins like Java, Adobe Reader & Flash, or ActiveX. So even if
> you're using one of those plugins with a Unix browser (of those
> available), you're already protected since the exploits won't run on
> your OS if they're even triggered in the first place. In my
This might be true for x86 binary code but does not seem to apply to
JavaScript or any other intepreter/VM embedded in the browser. Even
with x86 binary code, it is possible that the code may be able to
resolve and invoke a standard C library call (e.g. system()) in a way
which works on both Solaris and Linux.
The Flash plugin is not maintained for Solaris or Linux any more so
security exploits will continue to build up.
There is little doubt that the chance of being exploited is much less
with Solaris since the desktop user base is so small, it is not cost
effective to target it.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the OpenIndiana-discuss
mailing list