Firefox Community Forum

Hi, During some tests I found that FF 115.19.0esr can still execute arbitrary JS similarly to CVE-2024-4367. I’ve checked the versions and > 115.11esr should be patched. Any payload with ‘/JS’ taken from https://github.com/luigigubello/PayloadsAllThePDFs/tree/main will do. Since this is probably important – FontMatrix is *not* working (no JS), original PoC (https://codeanlabs.com/wp-content/uploads/2024/05/poc_generalized_CVE-2024-4367.pdf) is also *not* working. I also wasn’t able to call an external script and so far haven’t found any path to exploit it beyond an alertbox. However, it still bothers me a lot and I’d like to know whether it’s the correct, expected behavior with FF+pdf.js, is it a vulnerability, or maybe my browser was somehow corrupted or is using some other mechanism that’s not within your control (my settings? about:config?).

Steps to re-create: 1. Open file in notepad 2. Add ‘/OpenAction 99 0 R’ after ‘lang’ in ‘1 0 obj section’ 3. After ‘endobj’ add ‘99 0 obj <</Type /Action /S /JavaScript /JS (app.alert\(1\);)>>’ 4. Result – alertbox popping twice

• Firefox 127.0.2 (64 bit), Windows 10, all extensions disabled.
• Tested also with a clean portable version (same Firefox version).

In private mode, on Google Images, large images (in the preview pane: if you click on an image in the search results) are sometimes (but not always) blurry. This is not the case in the "normal", nonprivate mode.

It works fine on Android, and other browsers also work fine. I have had this issue for a very long time now, but only now realized that it's a private-mode issue.

Example, which is reproducible for me: Search "site:linkedin.com new york" on Google Images and pick an image with a sufficiently large resolution.

I am using Firefox 128.5.0esr (64-bit) on Debian 12. This is the browser that comes installed with the system. Recently, an offline translation feature was added to Firefox. In settings, you can download various languages. I would like to know where language models for offline translation are stored. The downloaded languages I want to copy to another computer without internet connection so that I can use the offline translation on this computer.

It's not that they are not in my Firefox downloads manager, which I expected. It's that I confirmed before closing my private browsing window that they were in my Downloads folder on my C drive, and when I went back after closing the private browsing window they were gone. Under "recent files" in my file browser it showed a couple of the most recent downloads and when I tried to click to open them it said they had been moved or deleted. Entering the first couple words of the file titles in the search bar in my file browser yields absolutely nothing.

This was over 30 files or so. It will be really irritating to try to find and download all of them again. Does anyone know of any way for me to get them back???

The font size in "Manage Bookmarks" is way too large, both in the sections list menu on the left and the list of bookmarks. I checked my userChrome.css file as well as the layout.css.devPixelsPerPx entry in about:config and there's nothing there to explain why only the "Manage Bookmarks" text is so large.

It's possible I changed a setting somewhere that's causing this. But I'm stumped re: what setting might be controlling the font size in only that UI. All other Firefox text sizes are good.

Thanks to anyone who knows where I should be looking

Firefox 134.0.1 (64-bit) Windows 10

Ever since Facebook started infesting the chats with end-to-end encryption (random chats get "Messenger upgraded the security of this chat. Messages and calls are secured with end-to-end encryption" without my permission or asking if I want this), any encrypted chats have audio and video calls disabled. I note that I have ONE friend for whom it didn't do this, I can still do calls with her. If I receive a call, I get a pop-up saying that to receive this call I must download the Messenger app (no way) or a browser which supports it. If I check what browsers it thinks supports this, it only lists Chrome and Edge. As far as I know Edge is just Internet Explorer renamed, the biggest black hole in security, I've never touched it. Chrome ignores industry standards, so I don't use it. Making Firefox the best, top browser available. It's the only browser I wish to use. Mozilla needs to look into how to get Facebook to stop blacklisting Firefox like this. Note that this E2EE garbage has only been infecting things for the last few months, before that I was perfectly able to do any calls I wished in Facebook Messenger.

I’m using Firefox version 134.0.2 in MacOS 15.2 with 1Password version 8.10.56 for Mac. The 1Password extension is enabled and the app is open and unlocked but each time I open a site requiring login and password I get a pop-up telling me to, “Press the 1Password icon in your browser’s toolbar to unlock.” This requires me to unlock 1Password again to enter the site’s login/password combination. Not sure if this is a Firefox or 1Password issue but it’s annoying. Any thoughts on a resolution? Thanks

Hi there, I just got a new work laptop and tried to sync my firefox browsers so I could keep my passwords and bookmarks from my old laptop. Unfortunately I forgot my password, so I had to reset it on my new device. I logged in again on my old laptop but it's still not syncing or updating the bookmarks on the new laptop. Is there any way to move my bookmarks and passwords over to my new laptop? Thanks!

I'd like to take a full-page screenshot of my content within my Canvas/Instructure online class, but it only captures what's visible. I've tried opening the frame in its own tab, but it doesn't help.

When I use my phone to capture the entire page, it can work, but it's so narrow! Plus I have to continuously tap the "Scroll Down" button for the capturing process to capture more and more.

Can anyone please help? Thanks.

Initially connects video playing to Headphones via Bluetooth then audio stops. Reloading doesn't help. But the same works perfectly on other browsers. Problem is with Firefox audio setting. The problem started only a week ago for firefox