Fedora Linux Support Community & Resources Center
  #1  
Old 2nd November 2012, 11:14 PM
mmix Offline
Registered User
  
Join Date: Aug 2009
Posts: 742
linuxfirefox
don't use java, flash.
http://thenextweb.com/microsoft/2012...bilities-list/

it is really serious security threat to normal user.

Quote:


Oracle Java Multiple Vulnerabilities: DoS-attack (Gain access to a system and execute arbitrary code with local user privileges) and Cross-Site Scripting (Gain access to sensitive data). Highly Critical.
Oracle Java Three Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Gain access to sensitive data. Highly Critical.
Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Highly Critical.
Adobe Reader/Acrobat Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
Apple QuickTime Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
Apple iTunes Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
Winamp AVI / IT File Processing Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
Adobe Shockwave Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Gain access to sensitive data. Extremely Critical.
Reply With Quote
  #2  
Old 2nd November 2012, 11:48 PM
Penguinclaw's Avatar
Penguinclaw Offline
Registered User
  
Join Date: Jul 2009
Location: UK
Posts: 142
linuxfirefox
Re: don't use java, flash.
I've just checked the report at Kaspersky and as far as I can see the solution is to patch from the vendor. So my question is, if you are fully patched, surely you are reasonably safe from these exploits that Kaspersky list? I realise that Flash and Java are evil but to some they are useful and until we have a web that doesn't require Flash to, for instance view video, we're a bit stuck

I tend to use security addons with Firefox such as noscript, WOT and Better privacy and surf with restraint.
__________________
OSS - the way forward
Reply With Quote
  #3  
Old 3rd November 2012, 02:14 AM
Fenrin Offline
Registered User
  
Join Date: Apr 2010
Location: Earth
Posts: 858
linuxepiphany
Re: don't use java, flash.
Quote:
Originally Posted by Penguinclaw View Post
I've just checked the report at Kaspersky and as far as I can see the solution is to patch from the vendor. [...]
Oracle is sometimes very late with patching known security vulnerabilities from Java.

A security researcher fixed such a security hole with just 25 characters change of code. Oracle didn't intend to provide a fix until 19 February 2013. I'm not sure if Oracle changed their mind about this issue.

h-online: Security researcher experiments with patching Java

Quote:
Originally Posted by Penguinclaw View Post
[...]but to some they are useful and until we have a web that doesn't require Flash to, , for instance view video[...]
websites which require Flash seem to me to be a bit old-fashioned. YouTube and Vimeo for example doesn't require Flash (except if less featurerich browsers like Epiphany is used).
Last edited by Fenrin; 3rd November 2012 at 02:41 AM.
Reply With Quote
  #4  
Old 3rd November 2012, 11:27 AM
Pitfall Offline
Registered User
  
Join Date: Nov 2011
Location: the Netherlands
Posts: 67
linuxfirefox
Re: don't use java, flash.
@Fenrin: YouTube still requires Flash for the majority of videos because they have ads. Videos with no ads can be wachted in HTML5.
Sadly, my bank (still) uses Flash for the administration panel. Foolish me, foolish bank.

Are the java vulnerabilities only for Oracle Java, or does openJDK also suffer from it? I never liked Java and this encourages me more to seek alternatives for my Java applications.
__________________
Desktop: i3 540, GT430, Fedora 17 x86_64 KDE
Netbook: E-450, HD 6230, Fedora 17 x86_64 KDE
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Java / Flash carstensen Using Fedora 0 14th April 2011 12:20 PM
flash $ java on FC7 64 hirohitosan Installation and Live Media 1 3rd August 2007 10:45 AM
64 bit and Java/Flash anilat3r Installation and Live Media 8 4th May 2007 06:23 AM
Java and Flash on FC4 PPC? steward75 Mac Chat 1 8th July 2005 02:12 AM
flash&java mbjbdc Using Fedora 4 3rd June 2004 02:21 AM


Current GMT-time: 08:19 (Wednesday, 22-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat