Fungovanie tejto stránky je z dôvodu údržby dočasne obmedzené. Ak článok nevyrieši váš problém a chcete položiť otázku, napíšte našej komunite podpory na Twitter @FirefoxSupport alebo Reddit /r/firefox.

Vyhľadajte odpoveď

Vyhnite sa podvodom s podporou. Nikdy vás nebudeme žiadať, aby ste zavolali alebo poslali SMS na telefónne číslo alebo zdieľali osobné informácie. Nahláste prosím podozrivú aktivitu použitím voľby “Nahlásiť zneužitie”.

Ďalšie informácie

Browsers should SLOW DOWN their release cycle and release Secure debugged software

  • 1 odpoveď
  • 0 má tento problém
  • Posledná odpoveď od Victor

more options

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hackers.

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hackers.

Všetky odpovede (1)

more options

There are only 3 things that interact with the network on my Fedora system: chronyd (clock sync), system-resolvd (DNS) and the Browser. I have disabled chronyd; my system is new and clock battery is good. And I have an infallible security detector: my USB Ethernet adapter with traffic indicator. If I see a prolonged stream of traffic of a minute or two, when I have not clicked on a link, a page, or load a web site, then it could mean only 2 things: that the dns resolver is being hacked or it is the browser. DNS resolver is reputed to be pretty hard to hack. And browsers has security fixes with EVERY version. What would you guess is the culprit attack vector?

I use firejail with the x11 setting enabled. So there is a buffer against key-loggers and screen grabbers. And the x11 buffer is virtual, starts up like new on every restart of the browser. So I should be reasonably safe (I guess). But that does not excuse any vulnerabilities in the browser.

I cannot prove the attack with a PoC, I am not a white hat vulnerability researcher, just an ordinary admin. But I do hold a Security+ cert. Granted the attack may involve other pieces. But the browser is the most likely entry point. And that should not happen. Somebody should hold the browser vendor accountable. There is no un-hackable software, true, but they have to prove their due diligence has been done, and post code audit results with every release.

Pomohla vám táto odpoveď?

Položiť otázku

Ak chcete odpovedať na príspevky, musíte sa prihlásiť do svojho účtu. Ak ešte nemáte účet, položte novú otázku.