Midori, default browser on Mini, is insecure

Project:Trisquel mini
Version:7.0
Component:Code
Category:bug report
Priority:critical
Assigned:Unassigned
Status:active
Description

From upstream:

https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

"Ubuntu releases WebKitGTK+ updates somewhat inconsistently. For instance, Ubuntu 14.04 came with WebKitGTK+ 2.4.0. 2.4.8 is available via updates, but even though 2.4.9 was released upstream over eight months ago, it has not yet been released as an update for Ubuntu 14.04."

[...]

"Ubuntu organizes its software into various repositories, and provides security support only to software in the main repository. This version of WebKitGTK+ is in Ubuntu’s “universe” repository, not in main, so it is excluded from security support."

Sun, 07/24/2016 - 22:45

The result of
https://www.howsmyssl.com/
Your SSL client is Bad.

Insecure Cipher Suites
Bad Your client supports cipher suites that are known to be insecure:

TLS_DHE_DSS_WITH_RC4_128_SHA: This cipher uses RC4 which has insecure biases in its output.
TLS_RSA_WITH_RC4_128_MD5: This cipher uses RC4 which has insecure biases in its output.
TLS_RSA_WITH_RC4_128_SHA: This cipher uses RC4 which has insecure biases in its output.

midori 0.5.11 Trisquel-Mini-7

Thu, 08/18/2016 - 09:30

I got the same exact thing with midori

I can confirm quite easily.