[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] Firefox exploit found in the wild-Mozilla Foundation Security Advisory 2015-78



On Friday, August 14, 2015 04:30:11 PM Peter Keller wrote:
> Dear Rick, Marcus,
> 
> On Thursday 2015-08-13 17:35, Rick Chung wrote:
> > On Thursday, August 13, 2015 11:04:08 AM Marcus Meissner wrote:
> >> Hi,
> >> 
> >> Our original plan was to fold wait for Firefox 40. This is also
> >> the version currently in the QA queue for openSUSE.
> >> 
> >> I hope we can release it today.
> >> 
> >> Ciao, Marcus
> > 
> > Thank you Marcus for this update.
> 
> I hope that I didn't sound too abrupt or demanding: I really appreciate the
> great job that you all do with openSUSE.
> 

No, not at all. :-)

So far, yesterday, I watched the only patch released was for SUSE systems.

Today, Firefox 40 have been available for openSUSE 13.2

I hope this fix will be available for openSUSE 13.1 over the next hours. :-S



> > In the meantime, I tweaked a few Firefox features and switched to "Always
> > Ask" for PDF preview on Application Preferences.
> 
> I can of course do this: my concern is for other users that I support who
> don't know that this vulnerability exists, and even if they knew wouldn't
> understand how it could affect them or what to do about it. (Yes, there are
> Linux desktop users like that out there :-)
> 

Completely agreed. I have those users too. :-(

Even worst, some of those users use to blame sysadmins because they expect 
sysadmins will protect them from their own faults. :-@

Let's change sysadmin title to "User's Conscious Soul" :-D

> From long experience, I know that system administration must be done at the
> system level. Any sysadmin strategy that relies on getting the users to do
> something is a broken strategy. In this case, the only realistic fix that
> can be rolled out to non-technical users is to update Firefox to a version
> that is patched for this vulnerability.
> 

Completely agreed. I would not minimize your - our concerns. It is genuine and 
critical. This vulnerability needed an urgent fix that I trust is coming quite 
soon because Marcus (who use to know the operational process) already 
mentioned was ready to be release.

Have a Nice Weekend!!

Rick


-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx