MobileRead Forums - View Single Post - [Kindle Touch] Scriptable browser plugin included in 5.1.0

eureka · 07-30-2012, 06:07 AM

It's old news already, but I'd like to see them here for completeness.

Update to 5.1.2 (amongst other changes) deletes NPAPI plugin /usr/lib/libkindleplugin.so, symlink /usrl/lib/browser/plugins/libkindleplugin.so and directory /usr/lib/browser, thus eliminating possible remote attack vector.

I didn't update to 5.1.2 yet, so I can't confirm, whether setting of LIPC property of com.lab126.system still allow executing of arbitrary shell code. Anybody willing to check? (Anyway, it's a minor nuisance, as without browser plugin there is no more obvious remote access to KT.)

BTW, owners of Ubisoft games with Uplay, beware: installation procedure creates a browser plugin for it's accompanying uplay launcher, which grants unexpectedly wide access to websites.

07-30-2012, 06:07 AM	#26
eureka but forgot what it's like Posts: 741 Karma: 2345678 Join Date: Dec 2011 Location: north (by northwest) Device: Kindle Touch	It's old news already, but I'd like to see them here for completeness. Update to 5.1.2 (amongst other changes) deletes NPAPI plugin /usr/lib/libkindleplugin.so, symlink /usrl/lib/browser/plugins/libkindleplugin.so and directory /usr/lib/browser, thus eliminating possible remote attack vector. I didn't update to 5.1.2 yet, so I can't confirm, whether setting of LIPC property of com.lab126.system still allow executing of arbitrary shell code. Anybody willing to check? (Anyway, it's a minor nuisance, as without browser plugin there is no more obvious remote access to KT.) BTW, owners of Ubisoft games with Uplay, beware: installation procedure creates a browser plugin for it's accompanying uplay launcher, which grants unexpectedly wide access to websites.