Firefox is currently at version 59 which also included several high impact security updates. But the version shipping with Parrot has been stuck at 58.0.1 making at least one minor and one major release behind.
I’ve tried standard apt-get upgrade and apt-get dist-upgrade with no change.
I posted about running Firefox straight from Mozilla but was given a reasonable explanation by @arahkun as to why I shouldn’t. He/she also mentioned that @palinuro would update the OS with the new version soon but I haven’t seen any updates.
Has it not been updated or am I trying to upgrade incorrectly?
Linux parrot 4.14.0-parrot13-amd64
What version of Parrot are you running? (include version, edition, and architecture)
What method did you use to install Parrot? (Debian Standard / Debian GTK / parrot-experimental)
Configured to multiboot with other systems? (yes / no)
If there are any similar issues or solutions, link to them below:
If there are any error messages or relevant logs, post them below:
hello, programs need time to be not only packaged but also tested
firefox is maintained by debian, not by parrot, and parrot will receive the new firefox 59 as soon as it will be ready to release it for debian sid
we can’t go faster than that, and the reason is pretty simple: quality/reliability
I think you should write in the FAQ that Parrot maintain what is tied to Parrot(example : anonsurf), and that everything else follow debian (since Parrot is not Linux from Scratch, but Debian).
i don’t think we need to write it in our FAQ, as our homepage states “Discover the Parrot Universe and get the most from our awesome Debian-based platform.”
Thanks @palinuro. Quality and reliability are definitely great things to have and I appreciate that. Where do security patches fall into that though? Firefox v59 had some important security updates which Mozilla has deemed critical.
I don’t want to answer for the Project Lead but in my opinion I suspect there is some very creative sandboxing and other security mitigations within Parrot OS and possibly Debian depending on how you configure and harden your OS. With those in mind I suspect those vulnerabilities are not so critical.
Just my opinion and possibly I could be entirely wrong but I have a keen enthusiasm for security and currently very up to date with issues such as this.
I should say I would recommend that as soon as we can we put together documentation for hardening your Parrot OS and stuff like that
Hope this helps.
trust me, if there are vulnerabilities out there, we need them to be fixed, i don’t like to have them all around just because “we are sandboxed”, but in this specific case, we are all waiting the update from debian
Hi there LilBitEvil,
First time user, so yes, I’m a total noob pretty much.
If it makes you feel better, I can’t even make Firefox work. It immediately crashes and goes to the send report window.
Anyway, I figured how to change the user “parrot” password from “toor” to what I wanted it to be. However, in order to install updates it’s still asking me for another password, which must be different than the “parrot” user which as I mentioned I had already changed by the following procedure:
Log in as user parrot password parrot.
Then on the top of the screen is a root terminal. Click that.
Then use the “passwd” command to change the password.
Linux Parrot Security OS Raspberry Pi 2/3
armhf (armv7) 32bit
Method of installation: parrot-experimental
I’m not even sure whether I have “Live Persistence”, since I don’t recall doing that step. It would be cool though.
Not configured to multiboot with other systems.
Yeah I’m sure you want to get those resolved as soon as possible. Is there documentation that discusses in more detail how Parrot is sandboxed? I’d love to know more.
@Doryan great to meet you. I hate to say but I’m not clear on what your post has to do with Firefox not being upgraded. It seems like you’re having a separate issue and if so, it’s best to create a new topic to make sure you get the right attention.
@LilBitEvil Great to meet you too.
It’s cool, I understand your statement. I will try to explain the relation that my post has to “Firefox” not being upgraded. So I want to upgrade Firefox, but I can’t upgrade it because it’s not even letting me upgrade by opening the app and doing so, since it crashes the moment I launch the app. That’s pretty much the relationship between Firefox and this post of mine.
Then I went rambling on some other problems that I’m encountering as well, that perhaps aren’t so related to this particular thread. My reasoning was that the more exposure I got, the more likely it was for someone to reach me.
firefox 59 was released in parrot stable some days ago and it runs perfectly for me
Palinuro - How do I know if my “Parrot Security OS” is stable?
I know that if I typed the following in the the terminal:
I would be able to select “stable” configuration, but since this newer version of “Parrot” that I’m running says that it now does it automatically, I wonder how to turn it into “stable”. I might be confused, but I’m just a “noob” who is still learning the ropes.
*Is there a command or way to know what build one is running?
you are on the stable branch by default unless you manually replace “stable” or “parrot” with “testing” in /etc/apt/sources.list.d/parrot.list
I don’t mean to necro an old post but, @Kernel_Troll have you guys made any progress on documenting hardening the Parrot OS 4.1?
I have been looking through the SANS hardening guide ver. 2 Linux Cheatsheet 2. Some of the tools like Bastille are discontinued and no longer updated. I am unsure, since this is a security distro, if some of the steps are already done or not applicable because of the nature of this distro. Basically, don’t know the validity/practicality of using this guide for this distro or find another guide to use.