Re: [FD] Mozilla extensions: a security nightmare

2015-08-07 Thread Stefan Kanthak
Mario Vilas mvi...@gmail.com wrote: W^X applies to memory protection, completely irrelevant here. I recommend revisiting elementary school and learning to read! http://seclists.org/bugtraq/2015/Aug/8 | JFTR: current software separates code from data in virtual memory and | uses

RE: [FD] Mozilla extensions: a security nightmare

2015-08-07 Thread Steve Friedl
[mailto:stefan.kant...@nexgo.de] Sent: Thursday, August 06, 2015 12:33 PM To: Mario Vilas Cc: bugtraq; fulldisclosure Subject: Re: [FD] Mozilla extensions: a security nightmare Mario Vilas mvi...@gmail.com wrote: W^X applies to memory protection, completely irrelevant here. I recommend revisiting

Re: [FD] Mozilla extensions: a security nightmare

2015-08-07 Thread Jakob Holderbaum
Subject: RE: [FD] Mozilla extensions: a security nightmare Posting on top because that's where the cursor happens to be is like sh*tt*ng in your pants because that's where your *ssh*l* happens to be! Here, let me fix this for you: I don't expect to be taken seriously by any technical

RE: [FD] Mozilla extensions: a security nightmare

2015-08-07 Thread Frank Waarsenburg
[mailto:st...@unixwiz.net] Sent: Friday, 7 August 2015 8:17 To: 'Stefan Kanthak'; 'Mario Vilas' Cc: 'bugtraq'; 'fulldisclosure' Subject: RE: [FD] Mozilla extensions: a security nightmare Posting on top because that's where the cursor happens to be is like sh*tt*ng in your pants because that's

Re: [FD] Mozilla extensions: a security nightmare

2015-08-07 Thread Reindl Harald
On 06.08.2015 at 21:33 Stefan Kanthak wrote: # mount /home -o noexec bash /home/whatever/binary and you are done any attacker who doesn't know this would not come far at all

Re: [FD] Mozilla extensions: a security nightmare

2015-08-07 Thread Teddy A PURWADI
Fri, Aug 7, 2015. 2:26:54 PM. Yes Please :-) Thanks cheers, /tap -Original Message- From: Jakob Holderbaum h...@jakob.io Date: Fri, 7 Aug 2015 09:13:04 To: bugtraq@securityfocus.com Subject: Re: [FD] Mozilla extensions: a security nightmare I want to stress the point made here

Re: [FD] Mozilla extensions: a security nightmare

2015-08-06 Thread Bruce A. Peters
bugtraq@securityfocus.com Sent: Thursday, August 6, 2015 5:55:05 AM Subject: Re: [FD] Mozilla extensions: a security nightmare that's all fine but * nothing new, independent of lightning * how do you imagine a restricted user installs an extension otherwise * and no - he must not do

Re: [FD] Mozilla extensions: a security nightmare

2015-08-06 Thread Stefan Kanthak
Ansgar Wiechers bugt...@planetcobalt.net wrote: On 2015-08-05 Stefan Kanthak wrote: Mario Vilas mvi...@gmail.com wrote: If this is the case then the problem is one of bad file permissions, not the location. Incidentally, many other browsers and tons of software also store executable code

Re: [FD] Mozilla extensions: a security nightmare

2015-08-06 Thread Reindl Harald
that's all fine but * nothing new, independent of lightning * how do you imagine a restricted user installs an extension otherwise * and no - he must not do that is not an acceptable solution security and usability are always a tradeoff hence the topic *is* nonsense Am 05.08.2015 um 21:27 schrieb

Re: [FD] Mozilla extensions: a security nightmare

2015-08-06 Thread Christoph Gruber
Reindl Harald h.rei...@thelounge.net wrote: that's all fine but * nothing new, independent of lightning ACK * how do you imagine a restricted user installs an extension otherwise Real sandboxing, if not possible, give the users the possibility to activate admin-installed extensions, and

Re: [FD] Mozilla extensions: a security nightmare

2015-08-06 Thread Reindl Harald
On 06.08.2015 at 19:03 Christoph Gruber wrote: Reindl Harald h.rei...@thelounge.net wrote: that's all fine but * nothing new, independent of lightning ACK * how do you imagine a restricted user installs an extension otherwise Real sandboxing, if not possible, give the users the

Re: [FD] Mozilla extensions: a security nightmare

2015-08-06 Thread Stefan Kanthak
Mario Vilas mvi...@gmail.com wrote: This makes no sense. Right. W^X obviously doesn't make sense to YOU. Administrator can write everywhere and users can write their own directories. There is no privilege escalation here, no security boundary being crossed. Who wrote anything about

Re: [FD] Mozilla extensions: a security nightmare

2015-08-06 Thread Andrew Deck
Well, here's my 2 cents: - Yes, it's unfortunate that Firefox extensions are not in write-protected parts of the FS. - No, it's not worth eight paragraphs of ranting on this mailing list, use of all caps, or calling some piece of software evil. - The sudo-like functionality present in Windows

Re: [FD] Mozilla extensions: a security nightmare

2015-08-06 Thread Stefan Kanthak
Mario Vilas mvi...@gmail.com wrote: If it can only be written by your own user, what would be the security boundary being crossed here? Please read AGAIN what I already wrote! | The security boundary created by privilege separation, i.e. Administrator/root vs. user | and installation of

Re: [FD] Mozilla extensions: a security nightmare

2015-08-05 Thread Stefan Kanthak
Mario Vilas mvi...@gmail.com wrote: %APPDATA% is within the user's home directory - by default it should not be writeable by other users. Did I mention OTHER users? Clearly not, so your argument is moot. If this is the case then the problem is one of bad file permissions, not the location.

Re: [FD] Mozilla extensions: a security nightmare

2015-08-05 Thread Ansgar Wiechers
On 2015-08-05 Stefan Kanthak wrote: Mario Vilas mvi...@gmail.com wrote: If this is the case then the problem is one of bad file permissions, not the location. Incidentally, many other browsers and tons of software also store executable code in %APPDATA%. Cf.

Mozilla extensions: a security nightmare

2015-08-04 Thread Stefan Kanthak
Hi @ll, Mozilla Thunderbird 38 and newer installs and activates per default the 'Lightning' extension. Since extensions live in the (Firefox and) Thunderbird profiles (which are stored beneath %APPDATA% in Windows) and 'Lightning' comes (at least for Windows) with a DLL and some JavaScript,