[OpenIndiana-discuss] Firefox security

[cpforum]

> Message du 17/11/12 19:39
> De : "Bob Friesenhahn" 
> A : "Discussion list for OpenIndiana" 
> Copie à : 
> Objet : Re: [OpenIndiana-discuss] Firefox security
> 
> On Sat, 17 Nov 2012, Gary Driggs wrote:
> 
> > I see this question asked regularly... Generally speaking, the vast
> > majority of browser exploits in the wild target windows browsers or
> > their plugins like Java, Adobe Reader & Flash, or ActiveX. So even if
> > you're using one of those plugins with a Unix browser (of those
> > available), you're already protected since the exploits won't run on
> > your OS if they're even triggered in the first place. In my
> 
> This might be true for x86 binary code but does not seem to apply to 
> JavaScript or any other intepreter/VM embedded in the browser. Even 
> with x86 binary code, it is possible that the code may be able to 
> resolve and invoke a standard C library call (e.g. system()) in a way 
> which works on both Solaris and Linux.
> 
> The Flash plugin is not maintained for Solaris

True : Last Flash is 11.2.202 r223

> or Linux any more so security exploits will continue to build up.=

Wrong : Linux Flash is frozen to 11.2  (windows and Mac are 11.5 now) but security update for Linux Flash 11.2 are provided and current Linux release is 11.2.202 r 252.
Flash Solaris is frozen to r 223.

The problem with Openindiana Desktop is the time. OI Desktop  is more and more unsecure (no update). Firefox, Java and Thunderbird are very old releases. Gnome Desktop is not maintened and applications like OpenOffice, Flash, Adobe Reader, etc. are 2 or 3 years old with a lot of known security holes. Il you want a fresh Firefox (16.0.2), Thunderbird Java, etc Go to this link (French locale) :

http://ossi.pagesperso-orange.fr/OS/openindiana_links.html

C.P.