Concerns remain about Parted Magic's FF 16 Beta...

Story: Parted Magic 2012_10_10 Comes With GParted 0.14.0Total Replies: 1
Author Content

Oct 13, 2012
12:28 PM EDT
From this piece itself:
Highlights of Parted Magic 2012_10_10:
· Linux kernel 3.5.6;
· LILO 23.2;
· Mesa 9.0;
· XOrg Server 0.13.0;
· GParted 0.14.0;
· Mozilla Firefox 16.0.1;
And yet Firefox 16.0.1 has only very recently been patched in order to remove vulnerabilities, vulnerabilities severe enough for the Mozilla Foundation to warrant actually removing Firefox 16.0 from circulation.

Quote from the piece 'Firefox 16 re-released fixing multiple vulnerabilities', linked to at LXer via
Quoting:According to Mozilla's advisory though, a similar but separate critical flaw had been found in Firefox 16, Firefox ESR 10.0.8, SeaMonkey 2.13, Thunderbird 16 and Thunderbird ESR 10.0.8 and earlier, which not only disclosed the location object, but, in Firefox 15 and earlier, had the potential for arbitrary code execution. Firefox 16.0.1 closes both these holes. The presence of the flaw in Firefox 15 does, though, raise questions over the previous advice given by Mozilla to downgrade from 16 to 15.

While the flaw under discussion is apparently present in Firefox 15, still, it may be better for the users of Parted Magic and other distributions containing Firefox 15.x through 16.0.1 to wait, if at all possible, for upcoming 16.x vulnerability patches.


Oct 14, 2012
8:47 PM EDT
If, according to your quoted articles, Parted Magic contains Firefox 16.0.1 (which closes both security holes), then why are you suggesting these users wait? Wait for what?

Edit: Just installed Parted Magic 2012.10.10. It shipped with Firefox 16.0, not 16.0.1 as quoted. So, it includes the vulnerable version. But I don't think this is a big deal since Firefox use in this specialized distro is most likely very limited.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!