
Mozilla First To Patch Pwn2Own Browser Vulnerability

Constantine the Less writes "Mozilla has released Firefox 3.0.8 to fix a pair of code execution holes that put users of the browser at risk of drive-by download attacks. It includes a fix for one of the flaws exploited during this year's CanSecWest Pwn2Own hacker contest. The update also fixes a separate zero-day flaw disclosed earlier this week on a public exploit site. Both issues are rated 'critical,' Mozilla's highest severity rating."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Saturday March 28, 2009 @11:11AM (#27370153)

    Seeing how insecure web browsers are, what would be a good way to surf under Linux?

    I have an account that I use only for GMail and my bank's website (the latter using a physical device answering cryptographic challenge so nobody is abusing that [when wiring money to a new account number, the account number of the recipient itself is part of the cryptographic challenge, there's no MITM, no nothing that can work against that]).

    Then I have an account only for browsing. The user owning this account on my machine has user ID 1007.

    This user is not even allowed to connect to localhost. I don't want to know. All he can do is surf the web, using iptables like this:

    iptables -I OUTPUT -m owner --uid-owner 1007 -j REJECT
    iptables -I OUTPUT -m owner --uid-owner 1007 -p tcp --dport 80 -j ACCEPT
    iptables -I OUTPUT -m owner --uid-owner 1007 -p tcp --dport 443 -j ACCEPT
    iptables -I OUTPUT -m owner --uid-owner 1007 -p udp --dport 53 -j ACCEPT

    Are there other simple things I could do to deal with the security hazard that these browsers are?

    Things I could do about this user's home directory permissions? Disable his SSH? etc.

    Basically I think I'd like to have an account that can "do nothing but run Firefox".

    Or is there an easy, lightweight (lightweight as in "I don't necessarily want to virtualize a full OS just to run a browser") way to sandbox a browser?

    In other words, I consider the "security" of all the browsers to be a bad joke and I regard running a browser basically the same as executing "omgWindozeServer2012Crack.exe" on my machine and I'd like any hint from people who are surfing in a "safer" way.
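Added example, not part of the original comment: the per-UID rules from the post written as an ordered chain and printed for both iptables and ip6tables, with loopback rejected ahead of the port accepts. An unqualified `--dport 80 -j ACCEPT` also matches 127.0.0.1:80, and iptables alone does not filter IPv6. The chain name BROWSER_OUT and the function name are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) an ordered egress rule set for one
# browsing UID. BROWSER_OUT and browser_egress_rules are hypothetical names.

browser_egress_rules() {
    uid="$1"
    chain="BROWSER_OUT"
    # Accept a numeric UID only, so nothing else reaches the rule text.
    case "$uid" in
        ''|*[!0-9]*) echo "usage: browser_egress_rules <numeric-uid>" >&2
                     return 1 ;;
    esac
    # iptables filters IPv4 only; emit the same rules for ip6tables.
    for ipt in iptables ip6tables; do
        echo "$ipt -N $chain"
        # Only packets generated by this UID enter the chain.
        echo "$ipt -A OUTPUT -m owner --uid-owner $uid -j $chain"
        # -A appends, so rules are evaluated in the order written here.
        # Loopback is rejected first: a bare '--dport 80 -j ACCEPT' would
        # also match a service listening on 127.0.0.1:80. Drop this rule
        # if the resolver itself listens on a loopback address.
        echo "$ipt -A $chain -o lo -j REJECT"
        echo "$ipt -A $chain -p udp --dport 53 -j ACCEPT"
        echo "$ipt -A $chain -p tcp --dport 80 -j ACCEPT"
        echo "$ipt -A $chain -p tcp --dport 443 -j ACCEPT"
        # Everything else from this UID is refused.
        echo "$ipt -A $chain -j REJECT"
    done
}

# Stand-alone use: sh browser-egress.sh 1007   (prints the commands)
if [ "$#" -gt 0 ]; then
    browser_egress_rules "$1"
fi
```

Review the printed commands before running them as root. `-N` fails if the chain already exists, so delete the old chain before re-applying.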

  • by siride ( 974284 ) on Saturday March 28, 2009 @11:39AM (#27370325)

    You could try not freaking the fuck out about browser security, unless you plan on visiting Russian spam sites and whatnot. I use Firefox on Linux and I've never had an issue. I use Flashblock, Adblock and occasionally Noscript. Just exercise reasonable caution and you should be fine. Heck, even under Windows I never got viruses or spyware, and I used IE!

  • Not only that (Score:3, Interesting)

    by Idiot with a gun ( 1081749 ) on Saturday March 28, 2009 @11:47AM (#27370385)
    But Ubuntu has already reviewed it, and pushed it out through the repositories, marking it as critical. I love open source.
  • by 0xFCE2 ( 859134 ) on Saturday March 28, 2009 @12:04PM (#27370467)

    Or is there an easy, lightweight (lightweight as in "I don't necessarily want to virtualize a full OS just to run a browser") way to sandbox a browser?

    Have a look at the Linux extensions like SELinux or AppArmor. At least the latter one can be set up comparatively easily, and is useful to protect a few selected processes such as FF from doing harm. Certainly not perfect, but it should be able to stop an exploit from taking over the whole account.

    However, the weak link will then probably be X and your window environment (KDE/gnome), so full virtualization is still much better. Of course, even that doesn't offer perfect protection.

  • Re:First post. (Score:2, Interesting)

    by Vu1turEMaN ( 1270774 ) on Saturday March 28, 2009 @12:07PM (#27370479)

    It would have been funny, son, but the sad fact of the matter is that probably half of the XP systems out there are unpatched and use IE6...

  • by Anonymous Coward on Saturday March 28, 2009 @12:26PM (#27370587)

    I love how this is being spun as some great thing for Firefox. Google Chrome didn't even need a patch because it was unaffected by the exploit. Also, as someone else mentioned, IE8 is unaffected, therefore it was patched before Firefox.

    Firefox hasn't come first at all. If anything it came pretty damned close to last place, ahead of Safari only.

  • Re:First post. (Score:3, Interesting)

    by iminplaya ( 723125 ) on Saturday March 28, 2009 @01:18PM (#27370839) Journal

    That's because they're bootlegs, and updating will just install WGA.

  • by Anonymous Coward on Saturday March 28, 2009 @01:31PM (#27370937)

    On Windows, I sandbox my browsers using Sandboxie, such a fantastic little program.
    The newer versions are much better, more control over what a program can access, file-permissions, network, etc.

    Not sure of any similar sandboxing programs for Linux, sadly.
    I second this request.

  • by RiotingPacifist ( 1228016 ) on Saturday March 28, 2009 @01:53PM (#27371199)

    How is X the weak link? The weak link is whatever you let on the internet and whatever network-aware daemons you have running. Once on your system X MAY be the weak link, but the Pwn2Own vulnerabilities don't need root, so X doesn't even matter (much like it matters little in modern security) where attackers don't need root. While SELinux & AppArmor MAY protect against use of these attacks, e.g. killing Firefox when it executes malicious code, a phishing scam doesn't need to do anything malicious to your system (and Firefox has already been 'pwned' in the context of this competition).

    Full virtualization is useless, if the attack is advanced enough that it is keylogging a separate user (has root), modifying your Firefox binaries (has root and then some) or modifying what you see (one hell of an exploit somewhere in your xorg stack), then the chances are the attacker can modify your virtualized OS when it's mounted (there's nothing you can do that a kernel recompile can't beat, and as the attacker has root, he can do that).

    You have 2 choices:
    1) stop being paranoid
    2) run a livecd and update it regularly enough (from your livecd using toram) that there are no known exploits for it. OFC this HAS to be done on multiple CD-Rs as a CD-RW could be patched if it's exploited. But wait, they could actually exploit you and modify the ISO before you managed to get it to the disk, so I refer you to point 1.

    Now assuming that you've stopped being paranoid and just want a bit of extra security, the GP post is about as good as you can get; it protects against all user level exploits.

  • by Hurricane78 ( 562437 ) <deleted @ s l a s h dot.org> on Saturday March 28, 2009 @02:41PM (#27371731)

    Not exactly true. You never got viruses, that you knew of.

    Under Windows, with IE, this is no hard thing to achieve. Think of the Sony rootkit. Or about the tons of trash that average people get on their systems, despite having an anti-virus and a firewall software running.
    I know of many people who completely turn them both off, when they play games. For performance reasons. Even when the games allow the usage of browsers while running.

  • Re:First post. (Score:2, Interesting)

    by Anonymous Coward on Saturday March 28, 2009 @02:53PM (#27371887)

    That is nothing. Once, during the second stage of a Windows XP installation, as soon as Windows brought up the network interface to configure the DHCP it got slammed by the Blaster worm right in the middle of the installation! (The box was connected to a DOCSIS cable network.) I had to power off the modem, reformat, and restart the install. That is why I no longer use Windows.

  • by siride ( 974284 ) on Saturday March 28, 2009 @03:01PM (#27371973)
    I didn't get viruses. I had no slowdowns, nothing showing up in process explorer, no weird behavior, nothing from ZoneAlarm (worthless though it otherwise be). Of course, if you go the route of "you can't ever truly be sure of xyz", then I suppose you are right. I probably did get viruses. And even though I think I'm running Linux, it's probably actually just a rootkit that's infected my Windows XP installation to make it look like some other OS. How can I really know?
  • by Bert64 ( 520050 ) <bert AT slashdot DOT firenzee DOT com> on Saturday March 28, 2009 @06:18PM (#27373649) Homepage

    Linux on the other hand does have both of those features, and had them long before vista...

    http://en.wikipedia.org/wiki/Address_space_layout_randomization [wikipedia.org]

  • by 0xFCE2 ( 859134 ) on Saturday March 28, 2009 @09:04PM (#27374853)

    How is X the weak link?

    Even if SELinux/AA are able to confine the actions of a pwned Firefox or it is running as a different user, Firefox can get access to keyboard and mouse actions and possibly more via X (try xev).

    Full virtualization is useless, if the attack is advanced enough that it is keylogging a separate user (has root), modifying your Firefox binaries (has root and then some) or modifying what you see (one hell of an exploit somewhere in your xorg stack), then the chances are the attacker can modify your virtualized OS when it's mounted,

    If the virtualization is good, the attacker still cannot break out of the VM. In practice there will be exploits allowing to break out, but at least now there are many barriers: the attacker has to exploit Firefox, then possibly break out of SELinux/AppArmor and get root, after that it has to modify the kernel and break out of the VM. And depending on the VM and the exploit the attacker may then still only have access to a userspace part of the virtualization environment, running as a normal user on the host. So this is much better than just a single defense.

    And while most users don't have to be this paranoid, the good thing about virtualization is that it's easy: you can get all this security with very little effort - the "cost" is much lower than e.g. configuring AppArmor, and the protection is much better.
