Cefn, this bug was reported a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue? If so, could you please test for this with the latest development release of Ubuntu? ISO images are available from http://cdimage.ubuntu.com /daily-live/current/ .
If it remains an issue, could you please run the following command in the development release from a Terminal (Applications->Accessories->Terminal), as it will automatically gather and attach updated debug information to this report: apport-collect -p xorg REPLACE-WITH-BUG-NUMBER Please note, given that the information from the prior release is already available, doing this on a release prior to the development one would not be helpful. Thank you for your understanding. Helpful bug reporting tips: https://wiki.ubuntu.com/ReportingBugs ** Package changed: firefox (Ubuntu) => xorg (Ubuntu) ** Changed in: xorg (Ubuntu) Status: Confirmed => Invalid ** Changed in: xorg (Ubuntu) Status: Invalid => Incomplete -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/615138 Title: Bad applet kills Gnome desktop session on Firefox page load Status in “xorg” package in Ubuntu: Incomplete Bug description: A crafted (or just malformed) applet in a page can cause not only the applet's Java VM, but also the Firefox browser and your entire Gnome windows session to die, losing all your work. READ THE ABOVE LINE and save your work BEFORE you visit the following URL... http://cefn.com/blog/processing.html The processing applet takes a while to load so if you're still reading this page and don't want your desktop killed then Ctrl+Q your browser or close the window/tab the URL is loading in. Scrolling the window seems to contribute to the crash, so if you're actually trying to crash it, then try moving the scrollbars or page up and down. Hopefully this crash is restricted to people with certain video cards or something, but if it's as widely experienced as I fear, then an invisible applet in a page could act as an attack to bring Ubuntu users' entire desktop sessions down, although there's no evidence it provides a means of code execution. The processing.org source code used to create the applet is shown at the offending URL, but was intended as a programming tutorial, so it really isn't very complex and has no deliberately threatening code in it. I suspect it's just the nature of the rendering used which creates the problem. This could fall into an Xorg, java or firefox triage queue, as they all contribute. Although this 'attack' does require you to visit a URL, in my view it shouldn't be possible for someone to smuggle an applet tag into a page and kill your desktop remotely using the the browser in its default configuration. I experienced this with sun-java6-plugin installed and without, on two different laptop machines - one Dell, one Lenovo. They both have cheapo Intel graphics cards, though. A way forward in the short term could be to distribute a plugin with Firefox which blocks java content by default. If it was configurable to block flash and silverlight too then it could be considered an Ubuntu feature to have this installed and configurable by default. Emerging developments in the separate threading of Firefox and Firefox plugins may mitigate this kind of issue, although I fear in this particular case the applet steps through all these layers and is able to trigger a fairly low level hardware rendering bug. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: firefox 3.6.8+build1+nobinonly-0ubuntu0.10.04.1 ProcVersionSignature: Ubuntu 2.6.32-24.39-generic 2.6.32.15+drm33.5 Uname: Linux 2.6.32-24-generic i686 NonfreeKernelModules: wl Architecture: i386 Date: Sun Aug 8 22:16:25 2010 EcryptfsInUse: Yes FirefoxPackages: firefox 3.6.8+build1+nobinonly-0ubuntu0.10.04.1 firefox-gnome-support 3.6.8+build1+nobinonly-0ubuntu0.10.04.1 firefox-branding 3.6.8+build1+nobinonly-0ubuntu0.10.04.1 abroswer N/A abrowser-branding N/A InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429) ProcEnviron: LANG=en_GB.utf8 SHELL=/bin/bash SourcePackage: firefox To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/615138/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
