Φόρουμ κοινότητας «Firefox»

Hi, During some tests I found that FF 115.19.0esr can still execute arbitrary JS similarly to CVE-2024-4367. I’ve checked the versions and > 115.11esr should be patched. Any payload with ‘/JS’ taken from https://github.com/luigigubello/PayloadsAllThePDFs/tree/main will do. Since this is probably important – FontMatrix is *not* working (no JS), original PoC (https://codeanlabs.com/wp-content/uploads/2024/05/poc_generalized_CVE-2024-4367.pdf) is also *not* working. I also wasn’t able to call an external script and so far haven’t found any path to exploit it beyond an alertbox. However, it still bothers me a lot and I’d like to know whether it’s the correct, expected behavior with FF+pdf.js, is it a vulnerability, or maybe my browser was somehow corrupted or is using some other mechanism that’s not within your control (my settings? about:config?).

Steps to re-create: 1. Open file in notepad 2. Add ‘/OpenAction 99 0 R’ after ‘lang’ in ‘1 0 obj section’ 3. After ‘endobj’ add ‘99 0 obj <</Type /Action /S /JavaScript /JS (app.alert\(1\);)>>’ 4. Result – alertbox popping twice

I have a 2023 MacBook Pro and a Synology NAS. Fairly recently, when I have tried to access the web site for the NAS using Firefox, I have received the following error message: "Unable to connect. An error occurred during a connection to [the IP address].” I am able to access the web site using the Safari and Bing browsers, and I also am able to access the web site using Firefox on an iPad. I already have contacted Apple and Synology support personnel, and have been that the issue is not with either Apple or Synology products. Please let me of any potential solutions to this problem that Mozilla may have.

I have opened a Firefox Account with a password. My Apple credentials are not syncing with my Firefox account. I created my password today for that reason I don't need to reset another password based on principle and keeping things simple. However I do have a Gmail account with Mozilla therefore I may be able to edit my accounts that way. I will also need to update and sync my Apple keychain passwords with my Firefox account. Thank You

I have deleted Norton from my wife's Win7 PC, but it still tries to "help" when she is logging on to various web sites. How do we get Norton off of her Firefox?? Her Firefox is current version.

Thank you for any help.

Ron Olsen

I upgraded Firefox using Ubuntu's apt update, apt dist-upgrade. The upgrade process said my version is 134.0.1 but when I look on the Help button is says my version is 125.0.2. How do I upgrade to 134.0.1?

Is there a way to adjust the timing of notification banners being display in the lower right of my screen... I notice that notification for "X (Twitter)" only last a few seconds, which is fine... but YouTube notifications will not disappear unless I select "Dismiss". I looked at Notification setting but don't see anything that seems to address that. Thank You

Several of my financial accounts give me this error with Firefox. I had to go to Edge to get my tax documents. I'd much rather have a way to get to my sites without leaving Firefox.

HSTS required

Other websites may require HTTP Strict Transport Security (HSTS) and will not allow access with an insecure connection.