Firefox bug also affecting old legacy versions and forks

General project discussion

Moderator: satrow

Forum rules
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, and related, but don't have a more fitting board available.

Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
User avatar
gepus
Lunatic
Lunatic
Posts: 362
Joined: 2017-12-14, 12:59

Firefox bug also affecting old legacy versions and forks

Unread post by gepus » 2019-11-07, 10:00

Actively exploited bug in fully updated Firefox is sending users into a tizzy

The bug applies also to old legacy versions of Firefox and forks.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24822
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Firefox bug also affecting old legacy versions and forks

Unread post by Moonchild » 2019-11-07, 10:48

Long since been patched in Pale Moon. (also, not sure why you are calling attention to something from May)
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

coffeebreak
Board Warrior
Board Warrior
Posts: 1913
Joined: 2015-09-26, 04:51
Location: U.S.

Re: Firefox bug also affecting old legacy versions and forks

Unread post by coffeebreak » 2019-11-07, 10:58

Moonchild wrote:
2019-11-07, 10:48
(also, not sure why you are calling attention to something from May)
The article is dated: 11/5/2019. Moonchild, it's from November (it uses U.S. dating conventions).

User avatar
gepus
Lunatic
Lunatic
Posts: 362
Joined: 2017-12-14, 12:59

Re: Firefox bug also affecting old legacy versions and forks

Unread post by gepus » 2019-11-07, 11:02

Moonchild wrote:
2019-11-07, 10:48
also, not sure why you are calling attention to something from May
Simply because the bug applies to Pale Moon 28.7.2 as well.

User avatar
moonbat
Astronaut
Astronaut
Posts: 723
Joined: 2015-12-09, 15:45
Location: Australia

Re: Firefox bug also affecting old legacy versions and forks

Unread post by moonbat » 2019-11-07, 11:04

The fact that someone would be halfwitted enough to think that <random Cloudfront subdomain> asking you for a password is a legitimate Microsoft site is why my faith in the human race firmly remains at zero. And that's after you see a poorly worded message like that.

Then again there are also people who insist that Firefox respects privacy no matter what.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 19.2 Xfce x64 on HP i5 laptop with 4 GB RAM, always latest versions of PM & Basilisk unless specified.

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 4011
Joined: 2011-10-03, 10:19
Location: Texas, USA

Re: Firefox bug also affecting old legacy versions and forks

Unread post by Night Wing » 2019-11-07, 11:11

When I was down volunteering at the computer repair shop I frequent quite often about three weeks ago; since the shop is owned by my next door neighbor, a customer came in with his desktop tower computer. He was using Firefox in Windows 7 as his default browser. This bug was in Firefox and he told me Firefox was locked up.

I asked him if he used the Task Manager to close Firefox. He said he had, but when he restarted Firefox, the process in one of his five tabs started again and locked up Firefox. He asked me if I could fix it. I told him I should be able to solve the problem in a "few minutes of time".

So I hooked up his desktop tower to a power cord, a keyboard, a mouse and a monitor, but I didn't install the ethernet cable. Without the ethernet cable, there was no way to get to the internet. Then I booted up Firefox, saw the tabs trying to load, but without an internet connection, none of the sites could load. I then closed all five tabs by the "X" in them. Then I quit Firefox which took me to his Desktop photo.

Then I reconnected the ethernet cable so I could gain access to the internet, then booted Firefox again and all of his tabs were gone. He was then a happy camper. He asked me how much did he owe the shop. I told him "no charge". I then told him to remember what I had done if he ran into this minor problem again.

The shop does this type of "repair", for the want of a better term, but this type of quick service without charge brings the shop quite a lot of repeat business when customers have a very real serious problem with their computers and which also gives the shop, "referrals".
Last edited by Night Wing on 2019-11-07, 17:10, edited 1 time in total.
Linux Mint 19.2 (Tina) Xfce 64 Bit (Default Distribution OS) with 64 Bit linux Pale Moon
Windows 7 Home Premium & Ultimate SP1, 64 Bit (Backup OS) with 32 Bit windows Pale Moon

User avatar
Lootyhoof
Themeist
Themeist
Posts: 1292
Joined: 2012-02-09, 23:35
Location: United Kingdom

Re: Firefox bug also affecting old legacy versions and forks

Unread post by Lootyhoof » 2019-11-07, 11:22

The referenced bug #1571003 does seem to still apply. It includes a link to a PoC which I won't directly link here (care should be taken as it DOES continually spam dialog boxes).

User avatar
RoestVrijStaal
Hobby Astronomer
Hobby Astronomer
Posts: 26
Joined: 2019-06-19, 19:18
Location: Dependency Hell

Re: Firefox bug also affecting old legacy versions and forks

Unread post by RoestVrijStaal » 2019-11-07, 15:07

By the way, the website of the PoC features several other exploits which affect Pale Moon as well, after testing it at my side.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24822
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Firefox bug also affecting old legacy versions and forks

Unread post by Moonchild » 2019-11-07, 15:13

The screenshot in the article shows a regular auth prompt which is something that was addressed a while back. That's why I didn't look any further. As for the date confusion, since this -was- an issue around the time I misread it as, it's an easy mistake to make. I usually deal with either DD/MM/YYYY or YYYY-MM-DD dates ;)

Apparently the linked bug is about the abuse of a different prompt related to the same (basic auth) method. I've read through it and the cases these prompts were added for really don't seem to apply on today's Internet, so preffing it and defaulting to off is certainly something to do.
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24822
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Firefox bug also affecting old legacy versions and forks

Unread post by Moonchild » 2019-11-07, 15:39

Tracking this in Issue #1275 (UXP).
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

vannilla
Astronaut
Astronaut
Posts: 686
Joined: 2018-05-05, 13:29

Re: Firefox bug also affecting old legacy versions and forks

Unread post by vannilla » 2019-11-07, 17:15

Moonchild wrote:
2019-11-07, 15:13
Apparently the linked bug is about the abuse of a different prompt related to the same (basic auth) method. I've read through it and the cases these prompts were added for really don't seem to apply on today's Internet, so preffing it and defaulting to off is certainly something to do.
Can you elaborate on this? I'm courious to know what's different than the already-addressed prompts.
The article linked in the OP isn't really explanatory on the matter.

User avatar
Admin
Site Admin
Site Admin
Posts: 267
Joined: 2012-05-17, 19:06

Re: Firefox bug also affecting old legacy versions and forks

Unread post by Admin » 2019-11-07, 19:52

How about this very clear explanation (in the already-linked bug): https://bugzilla.mozilla.org/show_bug.cgi?id=1571003#c4
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"

vannilla
Astronaut
Astronaut
Posts: 686
Joined: 2018-05-05, 13:29

Re: Firefox bug also affecting old legacy versions and forks

Unread post by vannilla » 2019-11-07, 20:01

Thanks. Somehow I missed Lootyhoof's post with the bugzilla link.

User avatar
therube
Board Warrior
Board Warrior
Posts: 1101
Joined: 2018-06-08, 17:02

Re: Firefox bug also affecting old legacy versions and forks

Unread post by therube » 2019-11-08, 00:56

I've posted a real, live link (& in that regard, tread carefully) in this thread, if you're inclined:

https://www.dslreports.com/forum/r32565 ... ding-users

Post Reply