[OpenIndiana-discuss] Firefox security

Bob Friesenhahn bfriesen at simple.dallas.tx.us
Sat Nov 17 18:38:34 UTC 2012


On Sat, 17 Nov 2012, Gary Driggs wrote:

> I see this question asked regularly... Generally speaking, the vast
> majority of browser exploits in the wild target windows browsers or
> their plugins like Java, Adobe Reader & Flash, or ActiveX. So even if
> you're using one of those plugins with a Unix browser (of those
> available), you're already protected since the exploits won't run on
> your OS if they're even triggered in the first place. In my

This might be true for x86 binary code but does not seem to apply to 
JavaScript or any other intepreter/VM embedded in the browser.  Even 
with x86 binary code, it is possible that the code may be able to 
resolve and invoke a standard C library call (e.g. system()) in a way 
which works on both Solaris and Linux.

The Flash plugin is not maintained for Solaris or Linux any more so 
security exploits will continue to build up.

There is little doubt that the chance of being exploited is much less 
with Solaris since the desktop user base is so small, it is not cost 
effective to target it.

Bob
-- 
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/



More information about the OpenIndiana-discuss mailing list