Firefox bug also affecting old legacy versions and forks
Forum rules
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
Firefox bug also affecting old legacy versions and forks
Actively exploited bug in fully updated Firefox is sending users into a tizzy
The bug applies also to old legacy versions of Firefox and forks.
The bug applies also to old legacy versions of Firefox and forks.
Re: Firefox bug also affecting old legacy versions and forks
Long since been patched in Pale Moon. (also, not sure why you are calling attention to something from May)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Moon Magic practitioner
- Posts: 2986
- Joined: 2015-09-26, 04:51
- Location: U.S.
Re: Firefox bug also affecting old legacy versions and forks
The fact that someone would be halfwitted enough to think that <random Cloudfront subdomain> asking you for a password is a legitimate Microsoft site is why my faith in the human race firmly remains at zero. And that's after you see a poorly worded message like that.
Then again there are also people who insist that Firefox respects privacy no matter what.
Then again there are also people who insist that Firefox respects privacy no matter what.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
- Night Wing
- Knows the dark side
- Posts: 5170
- Joined: 2011-10-03, 10:19
- Location: Piney Woods of Southeast Texas, USA
Re: Firefox bug also affecting old legacy versions and forks
When I was down volunteering at the computer repair shop I frequent quite often about three weeks ago; since the shop is owned by my next door neighbor, a customer came in with his desktop tower computer. He was using Firefox in Windows 7 as his default browser. This bug was in Firefox and he told me Firefox was locked up.
I asked him if he used the Task Manager to close Firefox. He said he had, but when he restarted Firefox, the process in one of his five tabs started again and locked up Firefox. He asked me if I could fix it. I told him I should be able to solve the problem in a "few minutes of time".
So I hooked up his desktop tower to a power cord, a keyboard, a mouse and a monitor, but I didn't install the ethernet cable. Without the ethernet cable, there was no way to get to the internet. Then I booted up Firefox, saw the tabs trying to load, but without an internet connection, none of the sites could load. I then closed all five tabs by the "X" in them. Then I quit Firefox which took me to his Desktop photo.
Then I reconnected the ethernet cable so I could gain access to the internet, then booted Firefox again and all of his tabs were gone. He was then a happy camper. He asked me how much did he owe the shop. I told him "no charge". I then told him to remember what I had done if he ran into this minor problem again.
The shop does this type of "repair", for the want of a better term, but this type of quick service without charge brings the shop quite a lot of repeat business when customers have a very real serious problem with their computers and which also gives the shop, "referrals".
I asked him if he used the Task Manager to close Firefox. He said he had, but when he restarted Firefox, the process in one of his five tabs started again and locked up Firefox. He asked me if I could fix it. I told him I should be able to solve the problem in a "few minutes of time".
So I hooked up his desktop tower to a power cord, a keyboard, a mouse and a monitor, but I didn't install the ethernet cable. Without the ethernet cable, there was no way to get to the internet. Then I booted up Firefox, saw the tabs trying to load, but without an internet connection, none of the sites could load. I then closed all five tabs by the "X" in them. Then I quit Firefox which took me to his Desktop photo.
Then I reconnected the ethernet cable so I could gain access to the internet, then booted Firefox again and all of his tabs were gone. He was then a happy camper. He asked me how much did he owe the shop. I told him "no charge". I then told him to remember what I had done if he ran into this minor problem again.
The shop does this type of "repair", for the want of a better term, but this type of quick service without charge brings the shop quite a lot of repeat business when customers have a very real serious problem with their computers and which also gives the shop, "referrals".
Last edited by Night Wing on 2019-11-07, 17:10, edited 1 time in total.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Re: Firefox bug also affecting old legacy versions and forks
The referenced bug #1571003 does seem to still apply. It includes a link to a PoC which I won't directly link here (care should be taken as it DOES continually spam dialog boxes).
- RoestVrijStaal
- Moon lover
- Posts: 81
- Joined: 2019-06-19, 19:18
- Location: Dependency Hell
Re: Firefox bug also affecting old legacy versions and forks
By the way, the website of the PoC features several other exploits which affect Pale Moon as well, after testing it at my side.
Re: Firefox bug also affecting old legacy versions and forks
The screenshot in the article shows a regular auth prompt which is something that was addressed a while back. That's why I didn't look any further. As for the date confusion, since this -was- an issue around the time I misread it as, it's an easy mistake to make. I usually deal with either DD/MM/YYYY or YYYY-MM-DD dates
Apparently the linked bug is about the abuse of a different prompt related to the same (basic auth) method. I've read through it and the cases these prompts were added for really don't seem to apply on today's Internet, so preffing it and defaulting to off is certainly something to do.
Apparently the linked bug is about the abuse of a different prompt related to the same (basic auth) method. I've read through it and the cases these prompts were added for really don't seem to apply on today's Internet, so preffing it and defaulting to off is certainly something to do.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Firefox bug also affecting old legacy versions and forks
Tracking this in Issue #1275 (UXP).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Firefox bug also affecting old legacy versions and forks
Can you elaborate on this? I'm courious to know what's different than the already-addressed prompts.Moonchild wrote: ↑2019-11-07, 15:13Apparently the linked bug is about the abuse of a different prompt related to the same (basic auth) method. I've read through it and the cases these prompts were added for really don't seem to apply on today's Internet, so preffing it and defaulting to off is certainly something to do.
The article linked in the OP isn't really explanatory on the matter.
Re: Firefox bug also affecting old legacy versions and forks
How about this very clear explanation (in the already-linked bug): https://bugzilla.mozilla.org/show_bug.cgi?id=1571003#c4
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Re: Firefox bug also affecting old legacy versions and forks
Thanks. Somehow I missed Lootyhoof's post with the bugzilla link.
Re: Firefox bug also affecting old legacy versions and forks
I've posted a real, live link (& in that regard, tread carefully) in this thread, if you're inclined:
https://www.dslreports.com/forum/r32565 ... ding-users
https://www.dslreports.com/forum/r32565 ... ding-users