I am currently using FF 31.5 ESR. I note the security warnings on freakattack,CVE-2015-0291 and wonder if they pose a threat to OiOS?
Reference cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291 mozilla.org/en-US/security/known-vulnerabilities/firefox/ Robert On 11/04/2015 03:36, Fred Kimball via openindiana-discuss wrote: > On Friday, April 10, 2015 9:18 AM, Predrag Zecevic [Unix Systems > Administrator] <[email protected]> wrote: > > On 04/10/15 03:10 PM, Hans J. Albertsson wrote: >>> The failures have varying forms: >>> >>> A text file will sometimes be displayed instead of downloaded. Sometimes it >>> will be downloaded, sometimes it all fails. >>> A pdf download will most often fail, but occasionally be downloaded. >>> Zip och bz or tar packages have so far never failed. >>> >>> What gives?? >>> >>> As stated in the subject, I have tested a few different reasonably modern >>> FF versions, and they all behave the same. >>> >>> Version 3.6 works well, and has never failed a download. >>> (However, several functions on web sites, such as Google Groups and Gmail, >>> aren't really useful in v 3.6. Too many features are >>> marginal with this version.) >>> >>> What could be the reason for the failed downloads??? >>> >>> I have tested starting a fresh profile, but nothing helps, so the Firefox >>> Refresh might not be very useful, But I notice that it >>> isn't available. >>> >>> Please give me as many hints on things to test for, or own experiences or >>> whatever. >>> >>> >>> I have one machine running Oracle Solaris 11.2 with FF 31 and I haven't >>> seen the behaviour in that, but then I haven't done too many >>> downloads in there: at least few enough not to dare to draw any safe >>> conclusions, but it might be OK or at least less prone to this >>> problem. >>> >>> >>> Hans J. Albertsson >>> >> Hi, >> >> I have faced same problem when using packages... Instead, started to use tar >> version(s), and download worked... >> For example: >> https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/31.1.1esr/contrib/solaris_tarball/ >> >> There are other small problems (flashplayer) but that is another story. >> >> With best regards, >> Predrag Zečević >> >> >> Predrag Zečević >> Technical Support Analyst >> 2e Systems GmbH >> >> Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894 >> Mobile: +49 174 3109 288, Skype: predrag.zecevic >> E-mail: [email protected] >> >> Headquarter: 2e Systems GmbH, Königsteiner Str. 87, >> 65812 Bad Soden am Taunus, Germany >> Company registration: Amtsgericht Königstein (Germany), HRB 7303 >> Managing director: Phil Douglas >> >> http://www.2e-systems.com/ - Making your business fly! >> _______________________________________________ > > Are you getting 0 byte downloads? I used to have that problem beginning with > FF 24 or 26. The problems ended when Hipster upgraded GNOME to mostly 2.32. > > If the file size where you downloaded the file reports that it is 0 bytes, > look in /tmp for a file with an 8 character name followed by the extension > and then .part; i.e. Wxqitlyu.pdf.part. Copy or cut the file and paste it to > where you downloaded the file to. Then select the faulty file, press F2, copy > the filename, then delete the file. Finally, rename the .part file with the > original name of the downloaded file. A pain but worked for me. > > I too use the tarballs. 31.6.0esr was added on April 10th. > https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ > ftp://ftp.mozilla.org/pub/firefox/releases/ > > Regards, > Fred > > _______________________________________________ > openindiana-discuss mailing list > [email protected] > http://openindiana.org/mailman/listinfo/openindiana-discuss --- This email has been checked for viruses by Avast antivirus software. http://www.avast.com _______________________________________________ openindiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
