Firefox is currently at version 59 which also included several high impact security updates. But the version shipping with Parrot has been stuck at 58.0.1 making at least one minor and one major release behind.
I’ve tried standard apt-get upgrade and apt-get dist-upgrade with no change.
I posted about running Firefox straight from Mozilla but was given a reasonable explanation by @arahkun as to why I shouldn’t. He/she also mentioned that @palinuro would update the OS with the new version soon but I haven’t seen any updates.
Has it not been updated or am I trying to upgrade incorrectly?
Linux parrot 4.14.0-parrot13-amd64
What version of Parrot are you running? (include version, edition, and architecture)
What method did you use to install Parrot? (Debian Standard / Debian GTK / parrot-experimental)
Configured to multiboot with other systems? (yes / no)
If there are any similar issues or solutions, link to them below:
If there are any error messages or relevant logs, post them below:
I think you should write in the FAQ that Parrot maintain what is tied to Parrot(example : anonsurf), and that everything else follow debian (since Parrot is not Linux from Scratch, but Debian).
i don’t think we need to write it in our FAQ, as our homepage states “Discover the Parrot Universe and get the most from our awesome Debian-based platform.”
Thanks @palinuro. Quality and reliability are definitely great things to have and I appreciate that. Where do security patches fall into that though? Firefox v59 had some important security updates which Mozilla has deemed critical.
I don’t want to answer for the Project Lead but in my opinion I suspect there is some very creative sandboxing and other security mitigations within Parrot OS and possibly Debian depending on how you configure and harden your OS. With those in mind I suspect those vulnerabilities are not so critical.
Just my opinion and possibly I could be entirely wrong but I have a keen enthusiasm for security and currently very up to date with issues such as this.
I should say I would recommend that as soon as we can we put together documentation for hardening your Parrot OS and stuff like that
trust me, if there are vulnerabilities out there, we need them to be fixed, i don’t like to have them all around just because “we are sandboxed”, but in this specific case, we are all waiting the update from debian
First time user, so yes, I’m a total noob pretty much.
If it makes you feel better, I can’t even make Firefox work. It immediately crashes and goes to the send report window.
Anyway, I figured how to change the user “parrot” password from “toor” to what I wanted it to be. However, in order to install updates it’s still asking me for another password, which must be different than the “parrot” user which as I mentioned I had already changed by the following procedure:
Change Password
Log in as user parrot password parrot.
Then on the top of the screen is a root terminal. Click that.
Then use the “passwd” command to change the password.
Linux Parrot Security OS Raspberry Pi 2/3
Parrot Build:
armhf (armv7) 32bit
Parrot-rpi-2017.11.15_armhf
Method of installation: parrot-experimental
I’m not even sure whether I have “Live Persistence”, since I don’t recall doing that step. It would be cool though.
Yeah I’m sure you want to get those resolved as soon as possible. Is there documentation that discusses in more detail how Parrot is sandboxed? I’d love to know more.
@Doryan great to meet you. I hate to say but I’m not clear on what your post has to do with Firefox not being upgraded. It seems like you’re having a separate issue and if so, it’s best to create a new topic to make sure you get the right attention.
It’s cool, I understand your statement. I will try to explain the relation that my post has to “Firefox” not being upgraded. So I want to upgrade Firefox, but I can’t upgrade it because it’s not even letting me upgrade by opening the app and doing so, since it crashes the moment I launch the app. That’s pretty much the relationship between Firefox and this post of mine.
Then I went rambling on some other problems that I’m encountering as well, that perhaps aren’t so related to this particular thread. My reasoning was that the more exposure I got, the more likely it was for someone to reach me.
Palinuro - How do I know if my “Parrot Security OS” is stable?
I know that if I typed the following in the the terminal:
sudo parrot-mirror-selector
I would be able to select “stable” configuration, but since this newer version of “Parrot” that I’m running says that it now does it automatically, I wonder how to turn it into “stable”. I might be confused, but I’m just a “noob” who is still learning the ropes.
NEW QUESTION:
*Is there a command or way to know what build one is running?
I don’t mean to necro an old post but, @Kernel_Troll have you guys made any progress on documenting hardening the Parrot OS 4.1?
I have been looking through the SANS hardening guide ver. 2 Linux Cheatsheet 2. Some of the tools like Bastille are discontinued and no longer updated. I am unsure, since this is a security distro, if some of the steps are already done or not applicable because of the nature of this distro. Basically, don’t know the validity/practicality of using this guide for this distro or find another guide to use.
