On 07/16/2015 01:06 PM, Daniel Micay wrote:
On 16/07/15 03:48 PM, Natu wrote:
On 07/16/2015 05:10 AM, Ben Oliver wrote:
I have to agree with Ralf, you will be fine.
I have been flash-free for 18 months now and it's going absolutely fine. Unless you have a penchant for flash games, there's very little reason to have it installed any more.
I totally support phasing out flash; however, I run firefox inside a docker container and then I don't have to worry about these security issues since I discard the running container and reload from the saved image daily.
Natu
You do have to worry unless you don't care about someone grabbing all of your active login sessions (cookies), all of the entered form data, etc. There's a reason for browser sandboxes being per-site-instance instead of trying to wrap the browser as a whole. Most of the information the attackers want is in the web browser, or can be obtained there by grabbing passwords and other information like credit card numbers as they're entered.
Anyway, local privilege exploits in the Linux kernel are as common as remote Flash exploits. Docker exposes nearly the entire Linux kernel attack surface to code in the container. It's not much of a sandbox.
Thanks for pointing this out. What you say is true. I actually run two different firefox browsers, one for secure uses and the other for random browsing. One inside of a VM on my desktop (and I revert back to the base image daily). The other web browser I run in a docker container running on a tiny arm box. The one running on the arm box obviously doesn't support flash. I generally use the one running on the arm box for online banking/credit cards etc. I don't know that I even trust openssl anymore. I used to run chromium, but got tired of it passing so much information back to google, so I went back to firefox. What I run is not an ideal solution. I'm open to other suggestions. I used to love chrome, but got tired of google spying. And yes, you have to turn off features in firefox to avoid similar spying behavior, but it can be done without maintaining your own version of the source code.
Natu