[kwlug-disc] NSS Vulnerability
Hubert Chathi
hubert at uhoreg.ca
Fri Sep 26 10:33:41 EDT 2014
On Fri, 26 Sep 2014 01:22:05 -0400, "B.S." <bs27975 at yahoo.ca> said:
> Don't understand why Mozilla is running anything called Network
> Security, but never mind that. If I didn't know what NSS is, I can
> only imagine the unvarnished media trying to make a viral soundbite
> out of it.
Yes, it of course should be presented to the media (and to your
non-technical friends) as a Firefox and Chrome vulnerability, rather
than NSS.
>> For example, I don't understand why people care about bash on MacOS X
>> being vulnerable. It's true that it needs to be fixed, but it
>> doesn't affect 99% of the Mac users out there, because they don't run
>> any publicly available services that would be affected.
> Not sure that's entirely true - a little bit of malware sucked down
> however has the possibility of starting a root shell on one's own Mac,
> leading to other nefarious things. (?)
As far as I am aware, there's nothing that the malware could do with the
bash bug that it wouldn't otherwise be able to do that would affect any
significant number of people. The only way that I'm aware of is if
someone allows an regular user to execute a bash script through sudo
without prompting for a password, which probably isn't common at all.
More information about the kwlug-disc
mailing list