this post was submitted on 03 Oct 2023
311 points (90.8% liked)

Technology

59174 readers
3285 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 13 comments
sorted by: hot top controversial new old
[–] [email protected] 145 points 1 year ago* (last edited 1 year ago) (2 children)

Clickbaity title.

Mozilla has provided an update to Firefox version 118.0.1 to close a vulnerability that is already being used to attack Chrome users.

For the second time this month, Mozilla has to patch a 0-day vulnerability in Firefox that initially seemed to affect only Chrome and its derivatives.

Yes it's being exploited, yes you should update, but the vulnerability is not actively exploited in Firefox as far as we (they) know of.

[–] [email protected] 50 points 1 year ago (1 children)

118.0.1 was first released on Sept 28 too, so this isn't exactly breaking news.

[–] [email protected] 14 points 1 year ago (1 children)

I was wondering if this happend again so soon, since I already updated last week.

[–] [email protected] 5 points 1 year ago

Last time this story was posted, this was two updates ago. So unless you haven't upvoted in months, it's a non-issue.

[–] [email protected] 25 points 1 year ago (1 children)

It should also be noted here (you know, TL;DR) that it's also fixed in:
Firefox ESR 115.3.1
Firefox Focus for Android 118.1
Firefox for Android 118.1
Thunderbird 115.3.1

https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/

[–] [email protected] 7 points 1 year ago (1 children)

And Tor Browser 12.5.5 which has backported the security fixes from Firefox ESR 115.3.1.

[–] [email protected] 3 points 1 year ago

Anyone using Tor browser should know that they should check it's updating status before using it. Thankfully it checks itself but still, stay up to date before you browse.

[–] [email protected] 12 points 1 year ago (3 children)

If anyone wants an easy way to stay on top of browser updates on Android ffupdater does a great job tracking releases for the whole Firefox ecosystem as well as forks and TOR tools.

https://github.com/Tobi823/ffupdater

I have it setup to update Firefox Beta, Mull and Orbot for me as soon as new releases drop.

[–] [email protected] 5 points 1 year ago

Obtanium is really good option too and can handle more than just browser updates. Pretty much any Android APK release can be setup and it supports a wide variety of different repository sources.

[–] [email protected] 2 points 1 year ago (1 children)

Does that update significantly sooner than the play store or is it mainly for people who don't like to use the play store? Mine is on 118.1 and my play store update history says 3 days ago.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

The Play release cycle is a little bit randomized. Sometimes releases take a few days or a week to filter out to users. ffupdater pulls as soon as any of its sources are available and it runs a check (I have mine set to check every 6h.) You'll typically get releases the same day the binary becomes available. I can't think of a time the play store has had a release of the Firefox Beta before I've updated with ffupdater.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I love Fennec, but really hate fdroid's build system. It means when they push an update, it can take up to a week for it to actually be downloadable from fdroid. Yet Mull is based on Fennec and can be updated within a day or two, because they're in the IzzyOnDroid fdroid repo.

Actually it's more then a week, because checking right now, Fennec is still on 117.1 which came out 9/22. That's a massive security issue for a web browser.

[–] [email protected] 2 points 1 year ago

Is this why I've been getting the moz:developer thingy before site loads?