User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.2.0 Build ID: 20150811213123 Steps to reproduce: launch firefox or one of its derivative projects Actual results: checking security scripts under Linux indicate the application is NOT hardened in ANY way. This makes the application vulnerable in ways I cannot even begin to demonstrate. Expected results: This application should have more than the basic protections enabled. If you wrote the code correctly, it should be a matter of changing the makefile options.If not, you have some serious work to be done.Stack protections, range-checks, RELRO, PIE, NX bit, the list goes on.Security check indicates that none or minimal options are used.
Component: Untriaged → Build Config
frazzled, could you please be more specific? Please list the tools you're using and the warnings/output that they list. As filed this bug is almost too generic to be useful.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 620058
you need info but now its a duplicate? do you need the info or not? check-security script(python) output reveals that the application is not using or barely using any hardening options. hmmm.... firefox 4867 Full RELRO Canary found NX enabled PIE enabled I guess its been fixed.Might want to push the update to linux distros(checked on fedora 22) and notify gnu team for icecat about this.Older releases do not match this and are less hardened.
Resolution: DUPLICATE → WORKSFORME
Component: Build Config → General
Product: Firefox → Firefox Build System
You need to log in before you can comment on or make changes to this bug.