does firefox under ubuntu has something similar to activeX, in terms of security vulnerability?
‘ActiveX’ can be considered in two parts, the object model and the installation method. Firefox has something similar—and cross-platform compatible, Ubuntu or other—for both.
The object model of ActiveX is Microsoft COM; Firefox's equivalent is XPCOM. Many other Windows features and applications that are nothing to do with web browsing use MS COM, and there have traditionally been endless problems where COM controls that were not written for secure web usage were nonetheless available to web pages. This caused many compromises. Firefox is better off here as XPCOM is not shared with the rest of the system. Newer versions of IE have better controls for mitigating what sites are allowed to use what controls.
(As a side-issue, because many add-ons for Firefox are themselves written in JavaScript, a high-level scripting language, they are often more secure from buffer overflow and string handling errors than extensions for IE which are commonly written in C[++].)
The control-downloader part of ActiveX has also been cleaned up a bit since the bad old days when anything in the My Computer zone could install any software it liked, and aggressive loader scripts could trap you in an alert
loop until you agreed to approve the ActiveX prompt. Firefox's equivalent, XPInstall, behaves largely similarly, with the ‘information bar’ on all but Mozilla's sites by default and a suitable warning/prompt before installation.
There is another built-in way you can compromise yourself in Mozilla: signed scripts. I have never seen this actually used, and certainly there'll be another warning window appear before a script gains extra rights, but it kind of worries me that this is available to web pages at all.
for example an exploit through flash will gain access to my pc under my user rights
Yes, the majority of web exploits today occur in plugins. Adobe Reader, Java(*) and QuickTime are the most popular/vulnerable. IMO: get rid of those, and use FlashBlock to only show Flash when you want it.
(*: and Java's dialogues before it lets you give up all security to some untrusted applet is a bit bare too.)
Ubuntu gives you some questionable plugins by default, in particular a media player plugin that will make every vulnerability in any of your media codecs exploitable through the web (similar to the Windows Media Player plugin, only potentially with many more formats). Whilst I have yet to meet an exploit targeting Linux like this, that's really only security through obscurity.
Note that ActiveX itself is no different. A web browser compromise based on ActiveX still only gives user-level access; it's only because prior to Vista everyone habitually ran everything as Administrator that this escalated to a full-on rooting.
and then follow to exploit some known vulnerability in X to gain root rights. that is not "easy".
Maybe, maybe not. But I think you'll find the damage some malware can do from even a normal user account is quite bad enough. Copy all your personal data, observe your keypresses, delete all your documents...
I don't think there's much value in tracking down exactly what the problem is. Of course there is always some value but I can't guarantee you'll ever find out what the problem is.
In Etcher-Sketch terms, it's easier to just shake it until you have a blank canvas and then, if you want, you can pull back some of the less-likely-to-be-infected things (general settings, bookmarks, etc).
But the easiest install vector for malware in Firefox is through its extensions manager. You can check the extensions.ini
file in the active profile for anything suspicious, but as I say, it may bear no fruit.
To get things back to normal, let's shake Firefox:
Nuke the old profile.
Here's a little script that moves the old profile to another location. I'm making this up as I go, so there might be a bug or two in it. You should be able to copy and paste this into a terminal.
cd ~/.mozilla/firefox/
export FFPROFILE=`cat profiles.ini | grep "Path=" | sed 's/^Path=//'`
mv $FFPROFILE $FFPROFILE.BAK
rm profiles.ini
When Firefox next launches, it will create a new profile.
Save bookmarks, saved passwords, etc
After firefox has created the new profile, you can go to ~/.mozilla/firefox/
in nautilus and copy back some of the files into the new profile and then deletes the profile configuration file so that Firefox has to create a new profile. Start by closing Firefox and then punch these lines into a terminal:
cd ~/.mozilla/firefox/
export FFPROFILE=`cat profiles.ini | grep "Path=" | sed 's/^Path=//'`
export OLDFFPROFILE=`ls -1 | grep .BAK`
cp $OLDFFPROFILE/*.sqlite $FFPROFILE/
You can of course do both these parts manually. It's actually easier to do it manually, you just need to know your way around the filesystem a little better. I was just thinking of you needing to do push this off to somebody else... it might just be easier if they copy and paste it into a terminal... Or you do it via SSH.
Best Answer
If the vulnerability to exploit is in the browser (or plugin it uses) then yes. They're just as exploitable as their counterparts on Windows and OSX. There are of course plenty of single-platform examples too but many Flash (for example) exploits are cross-platform.
Thankfully most exploits are just droppers (to install something else on the computer) and most of those aren't compatible with Linux. But you shouldn't get complacent and get cocky. Web security applies to everybody. Just because people aren't targeting you today, doesn't mean they never will.
There are antivirus products for Linux (AVG, ClamAV) that go some way to detect bad things but the market hasn't caught up with Desktop Linux users yet IMO.