Bug 1261273

Summary: app is not hardened in any way
Product: [Fedora] Fedora
Reporter: Richard Jasmin <spike85051>
Component: firefox
Assignee: Martin Stransky <stransky>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 22
CC: gecko-bugs-nobody, jhorak, pjasicek, spike85051, stransky
Hardware: Unspecified   
OS: Unspecified   
Doc Type: Bug Fix
Last Closed: 2015-10-01 12:11:49 UTC
Type: Bug

Description Richard Jasmin 2015-09-09 05:59:37 UTC
Description of problem:
Firefox (really all Mozilla apps should be checked) is not hardened in any way. A browser is 50% of a client exploitable area, a mail app is the other half. GUESS WHAT? Both apps from Mozilla run the SAME CODE.

Yet there are LITTLE to NO hardening options on these apps. I have dropped the bug with Mozilla, but as usual with most of my bugs nobody seems to take me seriously.

Other apps such as kompozer and Icecat may be affected as well.
Why do we accept code like this?

AND CAN we compile it hardened or must we reject the sources until we can harden it?

Version-Release number of selected component (if applicable):
21+

How reproducible:
ALWAYS

Steps to Reproduce:
1. Run check security script when Firefox is open

Actual results:
little to no hardening

Expected results:
These apps should be the most hardened, most type-checked applications ever. As always I recommend Pascal-esque languages for this BUT use C if you can pull it off.

Hasn't been done is an excuse. CANNOT be done means something else.
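
Added example, not part of the bug report and not Fedora's or Mozilla's code: a minimal sketch of the kind of check the "Steps to Reproduce" refer to, reading an ELF64 binary's headers for common compile-time hardening markers. The report does not name the script or the properties it checks; PIE, RELRO and a non-executable stack are assumptions here, and build_sample() produces constructed header-only images for the demo.

```python
import struct
import sys

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1

def elf_hardening(data):
    """Return PIE / RELRO / non-executable-stack markers for an ELF64 LE image."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled")
    fields = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]
    # ET_DYN is also the type of shared libraries; for a main executable it means PIE.
    report = {"pie": e_type == ET_DYN, "relro": False, "nx_stack": False}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(data):
            raise ValueError("truncated program header table")
        p_type, p_flags = PHDR.unpack_from(data, off)[:2]
        if p_type == PT_GNU_RELRO:
            report["relro"] = True          # partial or full; BIND_NOW is not checked
        elif p_type == PT_GNU_STACK:
            report["nx_stack"] = not (p_flags & PF_X)
    return report

def build_sample(e_type, segments):
    """Constructed header-only ELF image for the demo; segments = [(p_type, p_flags)]."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(t, f, 0, 0, 0, 0, 0, 0) for t, f in segments)

if __name__ == "__main__":
    if len(sys.argv) > 1:                   # e.g. /proc/<pid>/exe of the running browser
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], elf_hardening(fh.read()))
    else:
        hardened = build_sample(ET_DYN, [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])
        weak = build_sample(ET_EXEC, [(PT_GNU_STACK, 7)])
        print("hardened sample:", elf_hardening(hardened))
        print("weak sample:    ", elf_hardening(weak))
```

A result with all three values False corresponds to the "little to no hardening" outcome the report describes; stack protector and fortify checks need symbol-table parsing and are not covered here.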

Comment 1 Martin Stransky 2015-09-09 07:17:05 UTC
Firefox hardening has been fixed in Bug 1246287, is anything else needed?

Comment 2 Richard Jasmin 2015-09-09 23:33:36 UTC
I don't think so. 1246287? You one-lined it. And as far as I know, REDHAT team lead the way AGAIN. No other distro is using a hardened browser.
"We take security seriously" HMMMM........I know y'all do.