** Changed in: ubuntu-release-upgrader (Ubuntu Artful)
Importance: Undecided => Low
** Changed in: ubuntu-release-upgrader (Ubuntu Xenial)
Importance: Undecided => Low
** Changed in: ubuntu-release-upgrader (Ubuntu Trusty)
Importance: Undecided => Low
** Bug watch removed: Mozilla Bugzi
This bug was fixed in the package ubuntu-release-upgrader - 1:17.10.11
---
ubuntu-release-upgrader (1:17.10.11) artful-security; urgency=medium
* Properly drop permissions when opening a browser. (LP: #1174007)
-- Marc Deslauriers Mon, 09 Apr 2018
10:01:24 -0400
--
You receive
This bug was fixed in the package ubuntu-release-upgrader - 1:0.220.10
---
ubuntu-release-upgrader (1:0.220.10) trusty-security; urgency=medium
* Properly drop permissions when opening a browser. (LP: #1174007)
-- Marc Deslauriers Mon, 09 Apr 2018
10:01:24 -0400
** Changed in:
This bug was fixed in the package ubuntu-release-upgrader - 1:16.04.25
---
ubuntu-release-upgrader (1:16.04.25) xenial-security; urgency=medium
* Properly drop permissions when opening a browser. (LP: #1174007)
-- Marc Deslauriers Mon, 09 Apr 2018
10:01:24 -0400
** Changed in:
This bug was fixed in the package ubuntu-release-upgrader - 1:18.04.15
---
ubuntu-release-upgrader (1:18.04.15) bionic; urgency=medium
* Fix long line causing pep8 failure in autopkgtest.
-- Marc Deslauriers Sat, 07 Apr 2018
10:57:08 -0400
** Changed in: ubuntu-release-upgrader
** Changed in: ubuntu-release-upgrader (Ubuntu Bionic)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1174007
Title:
release upgrader launches browser as ro
** Also affects: ubuntu-release-upgrader (Ubuntu Bionic)
Importance: Low
Status: Confirmed
** Also affects: ubuntu-release-upgrader (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: ubuntu-release-upgrader (Ubuntu Artful)
Importance: Undecided
Status
FYI, this is going to break in Firefox 60.
Running Firefox like this (as root in a non-root user's session) has
never officially been supported, due to the risk of creating root-owned
files that the user can't delete, potentially being a privilege
escalation vector, etc. However, this hasn't been
** Changed in: ubuntu-release-upgrader (Ubuntu)
Importance: Medium => Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1174007
Title:
release upgrader launches browser as root
To manage notifi
This is still an issue in 17.04. I've flipped this to being a security
issue so hopefully it will get the attention it deserves.
$ ps aux | grep firefox
root 4497 12.8 1.0 2211388 347188 ? SNl 10:07 0:03
/usr/lib/firefox/firefox https://wiki.ubuntu.com/ArtfulAardvark/ReleaseNotes
WTF two f***ing years later and still not fixed.
Exact same issue upgrading from 15.04 to 15.10
Also note that launching the browser as root is a huge SECURITY issue, how can
the importance possibly be just "medium"??
--
You received this bug notification because you are a member of Ubuntu
Bu
The exact same thing happens with the 13.04 -> 13.10 updater. I already had
Firefox running. From the Release Notes window, clicking
To see what's new in this release, visit:
http://www.ubuntu.com/desktop/features
brings up same alert about Chromium, and starts a new Firefox window running a
** Summary changed:
- Software updater launches browser as root
+ release upgrader launches browser as root
** Package changed: update-manager (Ubuntu) => ubuntu-release-upgrader
(Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubu
13 matches
Mail list logo