Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 10:00
by gepus
Actively exploited bug in fully updated Firefox is sending users into a tizzy

The bug applies also to old legacy versions of Firefox and forks.

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 10:48
by Moonchild
Long since been patched in Pale Moon. (also, not sure why you are calling attention to something from May)

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 10:58
by coffeebreak
Moonchild wrote:
2019-11-07, 10:48
(also, not sure why you are calling attention to something from May)
The article is dated: 11/5/2019. Moonchild, it's from November (it uses U.S. dating conventions).

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 11:02
by gepus
Moonchild wrote:
2019-11-07, 10:48
also, not sure why you are calling attention to something from May
Simply because the bug applies to Pale Moon 28.7.2 as well.

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 11:04
by moonbat
The fact that someone would be halfwitted enough to think that <random Cloudfront subdomain> asking you for a password is a legitimate Microsoft site is why my faith in the human race firmly remains at zero. And that's after you see a poorly worded message like that.

Then again there are also people who insist that Firefox respects privacy no matter what.

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 11:11
by Night Wing
When I was down volunteering at the computer repair shop I frequent quite often about three weeks ago; since the shop is owned by my next door neighbor, a customer came in with his desktop tower computer. He was using Firefox in Windows 7 as his default browser. This bug was in Firefox and he told me Firefox was locked up.

I asked him if he used the Task Manager to close Firefox. He said he had, but when he restarted Firefox, the process in one of his five tabs started again and locked up Firefox. He asked me if I could fix it. I told him I should be able to solve the problem in a "few minutes of time".

So I hooked up his desktop tower to a power cord, a keyboard, a mouse and a monitor, but I didn't install the ethernet cable. Without the ethernet cable, there was no way to get to the internet. Then I booted up Firefox, saw the tabs trying to load, but without an internet connection, none of the sites could load. I then closed all five tabs by the "X" in them. Then I quit Firefox which took me to his Desktop photo.

Then I reconnected the ethernet cable so I could gain access to the internet, then booted Firefox again and all of his tabs were gone. He was then a happy camper. He asked me how much did he owe the shop. I told him "no charge". I then told him to remember what I had done if he ran into this minor problem again.

The shop does this type of "repair", for the want of a better term, but this type of quick service without charge brings the shop quite a lot of repeat business when customers have a very real serious problem with their computers and which also gives the shop, "referrals".

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 11:22
by Lootyhoof
The referenced bug #1571003 does seem to still apply. It includes a link to a PoC which I won't directly link here (care should be taken as it DOES continually spam dialog boxes).

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 15:07
by RoestVrijStaal
By the way, the website of the PoC features several other exploits which affect Pale Moon as well, after testing it at my side.

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 15:13
by Moonchild
The screenshot in the article shows a regular auth prompt which is something that was addressed a while back. That's why I didn't look any further. As for the date confusion, since this -was- an issue around the time I misread it as, it's an easy mistake to make. I usually deal with either DD/MM/YYYY or YYYY-MM-DD dates ;)

Apparently the linked bug is about the abuse of a different prompt related to the same (basic auth) method. I've read through it and the cases these prompts were added for really don't seem to apply on today's Internet, so preffing it and defaulting to off is certainly something to do.

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 15:39
by Moonchild
Tracking this in Issue #1275 (UXP).

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 17:15
by vannilla
Moonchild wrote:
2019-11-07, 15:13
Apparently the linked bug is about the abuse of a different prompt related to the same (basic auth) method. I've read through it and the cases these prompts were added for really don't seem to apply on today's Internet, so preffing it and defaulting to off is certainly something to do.
Can you elaborate on this? I'm curious to know what's different than the already-addressed prompts.
The article linked in the OP isn't really explanatory on the matter.

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 19:52
by Admin
How about this very clear explanation (in the already-linked bug): https://bugzilla.mozilla.org/show_bug.cgi?id=1571003#c4

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-07, 20:01
by vannilla
Thanks. Somehow I missed Lootyhoof's post with the bugzilla link.

Re: Firefox bug also affecting old legacy versions and forks

Posted: 2019-11-08, 00:56
by therube
I've posted a real, live link (& in that regard, tread carefully) in this thread, if you're inclined:

https://www.dslreports.com/forum/r32565 ... ding-users