Bitcoin Forum
September 15, 2024, 05:50:58 PM *
News: Latest Bitcoin Core release: 27.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Critical/High Vulnerabilities in Mozilla Firefox/Tor Browsers!  (Read 155 times)
Lucius (OP)
Legendary
*
Offline Offline

Activity: 3360
Merit: 6046


Crypto Swap Exchange🈺


View Profile WWW
September 04, 2024, 09:30:41 AM
Merited by ABCbits (1), hd49728 (1), Poker Player (1)
 #1

For all those who use Mozilla Firefox and all browsers based on the same (Tor), it is recommended to update to the latest version as soon as possible due to the upgrade that disables vulnerabilities that are marked as Critical/High because they allow an attacker to run code or install software without any interaction with the user and to collect sensitive data without the user's knowledge.

If you have automatic update enabled in your browser, it will update itself after which it needs to be restarted - for manual update, click on the tab Help -> About browser.



Source

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
ABCbits
Legendary
*
Offline Offline

Activity: 2996
Merit: 7872


Crypto Swap Exchange


View Profile
September 04, 2024, 10:05:54 AM
 #2

If you have automatic update enabled in your browser, it will update itself after which it needs to be restarted - for manual update, click on the tab Help -> About browser.

Doesn't both Firefox and Tor Browser enable auto-update by default these days? IMO most user can rest easy, unless
1. They manually disable auto-update feature.
2. Install Firefox from platform such as Microsoft Store or apt which may be slower to release update and makes built-in auto-update can't be used.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Lucius (OP)
Legendary
*
Offline Offline

Activity: 3360
Merit: 6046


Crypto Swap Exchange🈺


View Profile WWW
September 04, 2024, 12:53:10 PM
 #3

@ABCbits, both browsers have an automatic update option, but I'm not sure if it's turned on by default - although the second option that is turned on in that case is for the user to be notified that there is an update, but then to start it with a "manual" update.

Personally, I always use this second option because I always check what the new update brings and then decide if I want to install it immediately or later. In this case, there is no doubt that the new version should be downloaded as soon as possible without delay.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Davidvictorson
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 883


Livecasino.io


View Profile
September 04, 2024, 08:19:31 PM
 #4

I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed? Secondly, in my estimation set one's browser to auto- update could protect a user from these security issues and it should always be left turned on. There are more vulnerabilities in browsers that are yet to be exposed than. We already know of and everyone has to take responsibility for their own security.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
PrivacyG
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1897


Crypto Swap Exchange


View Profile
September 04, 2024, 10:56:41 PM
 #5

I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed? Secondly, in my estimation set one's browser to auto- update could protect a user from these security issues and it should always be left turned on. There are more vulnerabilities in browsers that are yet to be exposed than. We already know of and everyone has to take responsibility for their own security.
There are groups of bad actors of course who try and desperately look for Vulnerabilities as a 'day job' so they can find ways to Scam, Expose or what ever else.  There are also Code readers who find vulnerabilities that were not found or mentioned before.  There are even groups of people who are looking for Vulnerabilities so they could sell them for a hefty Price.

This can go a very long way.  Imagine you were a Terrorist planning an attack and Tor was the Browser you were using every single day to research information.  The CIA is suspecting you already, but you feel safe browsing Tor.  There surely are departments in the C.I.A. with employees whose job is to particularly find Vulnerabilities in Tor well before they are found by Programmers working on Tor.  This means you may be subjected to an attack of the C.I.A. while, in your own mind, thinking you are using Tor safely.

Now of course this can happen to any of us.  There could be groups of people attacking me right now for all I know.  This is a very long story to write anyway.

What I am wondering is.  Was I safer during this Exploit as a Non Java Script user?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
laijsica
Full Member
***
Offline Offline

Activity: 210
Merit: 144



View Profile WWW
September 05, 2024, 06:12:17 AM
 #6

I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed? Secondly, in my estimation set one's browser to auto- update could protect a user from these security issues and it should always be left turned on. There are more vulnerabilities in browsers that are yet to be exposed than. We already know of and everyone has to take responsibility for their own security.
If so, the possibility of personal data being stolen by hackers cannot be ruled out. Online data users should be updated to follow practical procedures to manage all wallet related and personal account related activities.

Is there any instructions regarding Chrome browser ?

██████████████     D u e l b i t s  ORIGINALS    ►►►  PLAY KENO [NEW]     ███████████████
Dice  Mines  ◥ Plinko  Duel Poker  ◥ Dice Duels
███████████████     10,000x MULTIPLIER  |  NEARLY UP TO50% REWARDS     ██████████████
NotATether
Legendary
*
Offline Offline

Activity: 1722
Merit: 7257


In memory of o_e_l_e_o


View Profile WWW
September 05, 2024, 08:00:35 AM
 #7

Is there any instructions regarding Chrome browser ?

Chromium is using a completely different engine to Firefox and as such any vulnerabilities found in one will not be present in the other unless the vulnerability came from a flaw in the Javascript environment that they both support. And even then, that would be a website vulnerability such as in Wordpress. For an actual OS vulnerability they would have to find different ways of breaking out of each sandbox.

ABCbits
Legendary
*
Offline Offline

Activity: 2996
Merit: 7872


Crypto Swap Exchange


View Profile
September 05, 2024, 08:50:51 AM
 #8

I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed?

Nobody knows for sure. But if it was widely used by criminal, we would find such news or report.

What I am wondering is.  Was I safer during this Exploit as a Non Java Script user?

Safer? Yes. But not all vulnerability related with JavaScript. For example, https://www.mozilla.org/en-US/security/advisories/mfsa2022-28/ shows some which doesn't use JS.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
NotATether
Legendary
*
Offline Offline

Activity: 1722
Merit: 7257


In memory of o_e_l_e_o


View Profile WWW
September 05, 2024, 08:59:01 AM
 #9

I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed?

Nobody knows for sure. But if it was widely used by criminal, we would find such news or report.

There are way too many vulnerabilities out there in the world for all of the criminals in the world to exploit at once, so what they tend to do is figure out which ones will reach the most users and exploit them, or at least try to, until the security researchers plug that hole. And then the cycle continues. Sort of a cat-and-mouse game if you ask me, but the only ones that actually go on to harm a lot of people are the very popular vulnerabilities that are never patched (Windows.....)

Lucius (OP)
Legendary
*
Offline Offline

Activity: 3360
Merit: 6046


Crypto Swap Exchange🈺


View Profile WWW
September 05, 2024, 10:09:18 AM
 #10

I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed?
~snip~

It is obvious that these vulnerabilities have existed for who knows how long, the only question is who discovered them first, the good guys or the bad guys? Given that users are exposed to such vulnerabilities even while they are just surfing, then we should not be too surprised by stories in which people claim that their coins mysteriously disappeared from their wallets even though they did not make a single wrong step.

All this is more reason to raise our security to an even higher level, perhaps even to the extent that we don't use our crypto wallets on the computer where we surf - which, of course, is a difficult mission for many.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Davidvictorson
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 883


Livecasino.io


View Profile
September 05, 2024, 07:51:14 PM
 #11

The responses that I have  received on my comment from PrivacyG, ABCbits, and Lucius are such an eye opener and very expository. And the thought that crossed my mind which I found myself thinking about is that it is possible that my browser is already exposed to some of this vulnerabilities however they are either not causing any damage yet because they are yet to be activated or they are already causing some damage, nevertheless slowly without a trace.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
Lucius (OP)
Legendary
*
Offline Offline

Activity: 3360
Merit: 6046


Crypto Swap Exchange🈺


View Profile WWW
September 06, 2024, 10:55:18 AM
 #12

Thanks to whoever reported this topic to be moved where far less people will see it - some people really do have malicious intentions on this forum... but karma is merciless and it will catch up with you all Wink

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
vleroybrown
Hero Member
*****
Offline Offline

Activity: 1205
Merit: 506


This is who we are.


View Profile
September 06, 2024, 01:21:50 PM
 #13

Thanks to whoever reported this topic to be moved where far less people will see it - some people really do have malicious intentions on this forum... but karma is merciless and it will catch up with you all Wink

Healthy doses of karma may upset ones stomach.
NotATether
Legendary
*
Offline Offline

Activity: 1722
Merit: 7257


In memory of o_e_l_e_o


View Profile WWW
September 06, 2024, 02:09:50 PM
 #14

Thanks to whoever reported this topic to be moved where far less people will see it - some people really do have malicious intentions on this forum... but karma is merciless and it will catch up with you all Wink

Healthy doses of karma may upset ones stomach.

It literally means nothing. Just, what, 1, 2 more posts you need to make now to reach your previous quota?

All the security threads tend to get moved to this board. It's another reason why you should lobby for a Cybersecurity and Privacy board.

Lucius (OP)
Legendary
*
Offline Offline

Activity: 3360
Merit: 6046


Crypto Swap Exchange🈺


View Profile WWW
September 07, 2024, 09:02:24 AM
 #15

It literally means nothing. Just, what, 1, 2 more posts you need to make now to reach your previous quota?

All the security threads tend to get moved to this board. It's another reason why you should lobby for a Cybersecurity and Privacy board (https://bitcointalk.org/index.php?topic=5434404.0).


I honestly didn't expect that from you - you conclude that I wrote it because I'm angry that a couple of my posts ended up off-topic? Maybe if you look at how many posts I write per week, then it wouldn't occur to you to mention a post quota...

All security topics?

https://bitcointalk.org/index.php?topic=5508261.0
https://bitcointalk.org/index.php?topic=5507817.0
https://bitcointalk.org/index.php?topic=5507576.0

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Vallkeinec
Newbie
*
Offline Offline

Activity: 44
Merit: 0


View Profile
September 09, 2024, 10:55:40 AM
 #16

Tor has long been an insecure browser.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!