Firefox exploit found in the wild.

[SNJ]

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

I used Cyberfox for a long time. And it wasn't the latest version. But then, I also have ublock and NoScript enabled so I don't know if i was affected.

I am now using Palemoon 25.6 I don't want to go back to Firefox. What should I do?

 

[ninaholic37]

I think you posted the wrong link?

edit: Or perhaps the link you posted generates a different page for me than for you? Heh, never thought of that. For me, that link just shows instructions on how to update Firefox. Nothing about exploits or security.

 

[SNJ]

Yeah, I posted the wrong link. Sorry about that. Fixed it now.

 

[Red Squirrel]

Wow this is what, like 3 very serious exploits now in the past month? Is Firefox using code from past versions of IE or something?

The thing is as far as features and usability I really can't find something as good as Firefox, every time I try to switch I end up going back. But if it's going to basically be acting as a trojan it might be time to make the switch, again.

Someone needs to take the FF source code from like 1.0, add everything to bring it up to par with the latest tech (html5 etc) and release it as a lite version. FF has gotten so bloated it just needs a huge cleanup.

 

[Jodell88]

This is old, relatively speaking. It's already been talked about in the firefox 39 thread.

 

[Jodell88]

Wow this is what, like 3 very serious exploits now in the past month? Is Firefox using code from past versions of IE or something?

The thing is as far as features and usability I really can't find something as good as Firefox, every time I try to switch I end up going back. But if it's going to basically be acting as a trojan it might be time to make the switch, again.

Someone needs to take the FF source code from like 1.0, add everything to bring it up to par with the latest tech (html5 etc) and release it as a lite version. FF has gotten so bloated it just needs a huge cleanup.

Software can have bugs and exploits. Mozilla's quick security release should be thanked. At least you don't have to wait for "patch tuesday" to get your security fixes.

 

[TheRyuu]

Wow this is what, like 3 very serious exploits now in the past month? Is Firefox using code from past versions of IE or something?

What separates Firefox from the other browsers aren't the bugs, they all have bugs some of which can be exploited. What seperates Firefox is the lack of defense in depth. What would the consequence of this bug be if the pdf reader were running in an untrusted process with a lowbox token (appcontainer)?

 

[Ketchup]

This is old, relatively speaking. It's already been talked about in the firefox 39 thread.

Yes, and it has been fixed, but I know some users are hanging onto older versions for one reason or another. This is a very good reason not to be.

 

[ninaholic37]

What would the consequence of this bug be if the pdf reader were running in an untrusted process with a lowbox token (appcontainer)?

overhead

 

[TheRyuu]

overhead

Of the bug or of those technologies? Because the overhead of those technologies is negligible and is exactly what Chrome uses for its renderer and ppapi plugin processes.

 

[ninaholic37]

edit: derogatory comments about i7-4770k users removed