Thank you both for your replies !!!
Thank you both for your replies !!!
One thing to be aware of is that even with Apparmor activated I believe a malicious web page exploiting a Flash bug could still install a malicious plugin which would capture passwords in Firefox or redirect your bank account to a phishing site. Apparmor will prevent Firefox from writing to places that it shouldn't touch, but it still has to be able to write to its own configuration files.
It's not likely, but it's one reason why I do all my online banking from a completely different account to normal web-browsing.
Well I got hit by it this morning on the BBC news page "Help for heroes" there is a flash item re the founders getting the MBE. I ran that and it closed Firefox, then nothing else at all would work, not even a terminal window or system monitor. A hard reboot brought a very long "think" followed by a system caret requesting my login. I did a fsck which wen ton for a good 5 mins with all sorts of errors on the system being corrected. Another boot then gave a system which still did not work. So a third hard boot then using a recovery mode from grub has got me back here after re-configuring my network settings which had been wiped out. BTW I was running both Adblock plus and Noscript when the hit happened, also Flashblock, which held it at bay until I clicked on it to view it. Now I need to find a Deb or RPM version of the revised/updated flash the tar versions never seem to work for me and always put things in the wrong place or don't make the links. I am running 9.10 since 10.4 did not allow recovery from sleep or hibernation modes. Finally how do we test? I used to run clamav but it slowed things down so have not installed it on this system, would it catch the Flash virus?
The most reasonable explanation I've run across (though I can't remember where) is that the 64-bit Linux alpha was the only version of 10.0 with 64-bit support, and 10.1 hasn't got a 64-bit build on any platform. Since there were around 32 vulnerabilities in 10.0 and 10.1 wasn't affected, Adobe decided to just have people upgrade to the new version rather than addressing the vulnerabilities of 10.0 (instead just deprecating it). Version 10.1 is fundamentally different from 10.0 in a few ways, but 10.0 is the only version that had a 64-bit build, which was limited to the Linux alpha. So 10.0 (the only one with a 64-bit version) is vulnerable as all heck, and is being resolved by upgrading to 10.1 (which is 32-bit only) rather than an update. I don't think they've stopped work on it entirely; they just don't have a 64-bit upgrade yet and the old version had to be emergency-deprecated.
It's important to note that non-Linux operating systems don't have a 64-bit version available at all, and the 32-bit version works fine on those regardless.
Bookmarks