submitted 1 day ago* (last edited 1 day ago) by plinky@hexbear.net to c/technology@hexbear.net

In case someone missed this (I did :(, story from a week ago); forks should also be updated by now.

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2024-9680 (CVSS score: 9.8), has been described as a use-after-free bug in the Animation timeline component.

The issue has been addressed in the following versions of the web browser -

Firefox 131.0.2
Firefox ESR 128.3.1, and
Firefox ESR 115.16.1.
[-] Dirt_Owl@hexbear.net 19 points 1 day ago

Supposedly Windows users are safe. Which blows my mind because Windows is usually the least safe.

[-] Dudewitbow@lemmy.zip 13 points 1 day ago

Windows was only the least safe because it had the largest user market share, and therefore it was more effective to target them.

In the age where fewer people are using PCs and opting for mobile, it makes more sense to target mobile, especially since it's way more likely to have sensitive information than an arbitrary computer would.

[-] UlyssesT@hexbear.net 15 points 1 day ago

Contemporary phones are intentionally portable tracking and data collection and transmission devices, all ignoring and not really asking for the consent of the buyer.

It fucking sucks.

[-] Dirt_Owl@hexbear.net 7 points 1 day ago
[-] quarrk@hexbear.net 4 points 1 day ago

Windows was the largest and it sucked at security. It’s better today but the reputation is still well deserved.

[-] EllenKelly@hexbear.net 11 points 1 day ago

This says 131.0.2 was out on October 9th, which is the day before the article you posted, hopefully we're all good

https://www.mozilla.org/en-US/firefox/131.0.2/releasenotes/

mine had already updated to 131.0.3

[-] plinky@hexbear.net 8 points 1 day ago

It's mainly a reminder for forks, like Zen, LibreWolf, etc. Or those who break autoupdate like me

[-] EllenKelly@hexbear.net 4 points 1 day ago

It's good you posted! I was just commenting to add additional info.

[-] SorosFootSoldier@hexbear.net 3 points 1 day ago

mine had already updated to 131.0.3

Yeah I checked mine and it's updated to the same, I got super scared for a moment.

I assume this also affects mobile Firefox like Firefox/Fennec for Android? The version of Fennec on F-Droid is like 2 months old.

[-] plinky@hexbear.net 2 points 1 day ago

I haven't seen mentions of mobile anywhere; maybe it's sufficiently different?

[-] 4am@lemm.ee 4 points 1 day ago* (last edited 1 day ago)

Has flatpak Firefox been updated yet? Last time I checked it was still (I think) 131.0 but that was a few days ago.

this post was submitted on 16 Oct 2024