#1
Time to drop Firefox 52ESR, and...
According to https://nakedsecurity.sophos.com/202...fox-right-now/ , an in-the-wild attack is going on, so act as soon as possible. The related bug is Bug 1607443, but it seems so critical that the content is not open to the public.

Firefox 52ESR users on WinXP could switch to roytam's browser seamlessly:
https://msfn.org/board/topic/180462-...omment=1176055

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
#2
Time to drop Firefox 52ESR, and...
Lu Wei wrote:
> According to https://nakedsecurity.sophos.com/202...fox-right-now/ , an in-the-wild attack is going on, so act as soon as possible. The related bug is Bug 1607443, but it seems so critical that the content is not open to the public.
>
> Firefox 52ESR users on WinXP could switch to roytam's browser seamlessly:
> https://msfn.org/board/topic/180462-...omment=1176055

But it says in the Sophos article, you can switch off the JIT settings in about:config and continue using the browser.

    about:config in the address bar

       javascript.options.ion    false

And that should stop the bypassing DEP behavior.

That's if a user even has DEP turned on. Which would be a separate article. By turning on DEP, software with a flat tire would be stopped from running, and an error would appear on the screen. An example of a dialog is shown here.

https://www.bleepingcomputer.com/for...-dep-prevents/

DEP is not a side-effect free technology. If you turn it on, you'll hate it after a while.

The protection features are "gradual". This is an example.

WinXP:  DEP: yes   ASLR: no
Vista:  DEP: yes   ASLR: yes, but broken on one of x86 or x64 (more research required)
Win7+:  DEP: yes   ASLR: yes

Paul
#3
Time to drop Firefox 52ESR, and...
On 2020-1-17 18:02, Paul wrote:
> But it says in the Sophos article, you can switch off the JIT settings in about:config and continue using the browser.
>
>     about:config in the address bar
>
>        javascript.options.ion    false

Yes, but it will have a performance penalty, although I don't know how much.

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA