Flash plugin 0-day vulnerability in the wild
poma
pomidorabelisima at gmail.com
Fri Jan 23 15:25:51 UTC 2015
On 23.01.2015 15:12, Kevin Fenzi wrote:
> On Fri, 23 Jan 2015 12:44:23 +0100
> poma <pomidorabelisima at gmail.com> wrote:
>
>> On 23.01.2015 10:51, Martin Stransky wrote:
>>> Folk,
>>>
>>> There's a live 0-day flash vulnerability which is not fixed yet
>>> [1][2]. If you use flash plugin I recommend you to enable the
>>> click-to-play mode for it.
>>
>> Are we covered with
>> $ rpm -q flash-plugin
>> flash-plugin-11.2.202.438-release.x86_64
>> ?
>>
>> Ref.
>> http://helpx.adobe.com/security.html
>
> No.
>
> http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
>
> kevin
>
>
>
Thanks for reference.
Until this is resolved, is this a valid way:
$ sandbox -X -T tmp -t sandbox_web_t firefox
to cover this security issue, or can we isolate only libflashplayer.so,
not the entire browser.
Daniel, can you comment.
More information about the devel
mailing list