  • Solved

CVE-2024-4367 in 115.19.0esr - still vulnerable?

Hi, During some tests I found that FF 115.19.0esr can still execute arbitrary JS similarly to CVE-2024-4367. I’ve checked the versions and > 115.11esr should be patched. Any payload with ‘/JS’ taken from https://github.com/luigigubello/PayloadsAllThePDFs/tree/main will do. Since this is probably important – FontMatrix is *not* working (no JS), original PoC (https://codeanlabs.com/wp-content/uploads/2024/05/poc_generalized_CVE-2024-4367.pdf) is also *not* working. I also wasn’t able to call an external script and so far haven’t found any path to exploit it beyond an alertbox. However, it still bothers me a lot and I’d like to know whether it’s the correct, expected behavior with FF+pdf.js, is it a vulnerability, or maybe my browser was somehow corrupted or is using some other mechanism that’s not within your control (my settings? about:config?).

Steps to re-create:

  1. Open file in notepad
  2. Add ‘/OpenAction 99 0 R’ after ‘lang’ in ‘1 0 obj section’
  3. After ‘endobj’ add ‘99 0 obj <</Type /Action /S /JavaScript /JS (app.alert\(1\);)>>’
  4. Result – alertbox popping twice

Asked by chris 1 day ago

Answered by chris 1 day ago

  • Solved

URL is causing FF to run slow

I clicked on a link in an email and FF began opening it. It then stopped and gave a message that the site was causing FF to run slow. That was an understatement, as FF never continued and didn't fully open the site. I copied the URL to Chrome and it had no problem quickly opening the site. What do I need to fix in FF to make it happy again? This is the link if you want to try it. https://www.mypoints.com/jumppage?trkid=p16498665&h=1645af8f93c2559daa84038a922f4a04&merchant=10659&page=110&finalUrl=https%3A%2F%2Fbestbuy.7tiv.net%2Fc%2F49764%2F687081%2F10014%3Fu%3Dhttps%253A%252F%252Fwww.bestbuy.com%252Ftop-deals&brand=BestBuy&deo=16498665,5,0,0,0,0,0&utm_source=BONUSMAIL&utm_medium=email&utm_campaign=1196390

Asked by bill.ruggirello 2 weeks ago

Answered by jonzn4SUSE 2 weeks ago

  • Solved

Firefox isn't allowing me to upload images almost anywhere

I am on endeavourOS (linux). Whenever I try to upload images for a profile picture to sites like youtube or X, the image becomes corrupted and doesn't upload correctly. It did this with whatsapp too and I had to use a separate app for it. Other posts said that disabling "privacy.resistFingerprinting" would fix it, but it's already disabled.

Attached below are an example of this bug and the contents of this image when viewed on a text editor.

Asked by Gabe Lily 4 months ago

Answered by Gabe Lily 4 months ago

  • Solved

Can't access camera in Firefox.

The camera won't turn on in the Firefox browser for Google Meet or Zoom. It says it can't find the camera or that it's turned off. I have checked my Windows 11 settings and desktop apps have access to the camera. I have also checked the settings for each of the sites and use of the camera and microphone are allowed. Autoplay is enabled too. The camera works fine in other apps and in other browsers.

Asked by Kirk Kettinger 1 month ago

Answered by Kirk Kettinger 1 month ago

  • Solved

bsky.app

bsky.app cookie continues to be loaded on computer even after I continually delete it, privacy set to strict and blocked under "managed exceptions", why is it being reloaded when I don't access the site. None of the sites I access are linked to it, only visited once and if this alternative to x continues to set cookies, how can I permanently block it, thought the exceptions list was supposed to keep blocking it. So far it's come back three times, I'll screenshot it next time and attach.

Asked by mitcheljr3 1 month ago

Answered by mitcheljr3 1 month ago

  • Solved

Malwarebytes keeps blocking Mozilla files that seem to originate from its folder in my laptop as riskware

Malwarebytes keeps blocking Mozilla files that seem to originate from its folder in my laptop as riskware. Is this something I should make exceptions for? Or is it riskware? I'm running Win 11.

Asked by Fran Turner 1 month ago

Answered by jscher2000 - Support Volunteer 1 month ago

  • Solved

Simple Tab Groups extension: security and privacy concerns surrounding its permission requests.

Hi all,

I have a question regarding the permission requests of the Simple Tab Groups extension by Drive4ik.

As I'm sure many of you know, this extension needs to: This add-on needs to:

  • Download files and read and modify the browser’s download history
  • Monitor extension usage and manage themes
  • Display notifications to you
  • Access recently closed tabs
  • Hide and show browser tabs
  • Access browser tabs
  • Store unlimited amount of client-side data
  • Access your data for all websites

This add-on may also ask to: Read and modify bookmarks

Theoretically, I find this extension useful but I am concerned about the "Access your data for all websites" requirement. I read through Mozilla's permission request messages for Firefox extensions documentation and it seems like granting this extension these permissions would be a huge risk for the work I do – investigative journalism. It seems like I'll trade organizational benefits for a wider attack surface.

Can anyone speak more about the risks involved with using this extension, the trustworthiness of the developer, and why it needs the "Access your data for all websites" capability?

Thank you.

Asked by secure.amaretto120 1 month ago

Answered by secure.amaretto120 1 month ago

  • Solved
  • Archived

How to setup ESNI in Firefox 91 on Windows

After watching this video https://www.youtube.com/watch?v=mAfY_bNJTBI I went to https://www.cloudflare.com/ssl/encrypted-sni/ and did the test. Result is 3/4. (See screenshot below)

  • Secure DNS, check
  • DNSSEC, check
  • TLS 1.3, check
  • Encrypted SNI, fail

In Firefox I tried doing exactly what the person did in the video but I don't have the settings he is showing in about:config. Why is that? (Below you can see the screenshot, those settings are missing from about:config)

So my question remains simple, how can I enable Encrypted SNI in Firefox?

Asked by Firefox_Beginner 3 years ago

Answered by cor-el 3 years ago

  • Solved

Pop Up ?

What is this window called? When this window started popping up a couple of months ago, I noticed a couple of odd things happening on a website I go to. It would not let me pay them. It would look like it was going to, then a white screen would pop up and say "if you see this window then you ...........". I then have to pay on the phone or chrome. I have whitelisted the site but it still does it.

Asked by miso1 2 months ago

Answered by jscher2000 - Support Volunteer 2 months ago

  • Solved

How to stop prompts for location permission when turned off by admin?

Hi, I just installed Windows 11, version 24H2 and now in Firefox I'm continually prompted with "Awaiting Location Permission, Grant Firefox location permission in system settings".

The problem is that location has been turned off by admin on this computer. How can I stop these continual prompts from Firefox? I have checked the box in Settings to block location requests from new websites but am still getting the prompts.

Thank you.

Asked by cdeland 2 months ago

Answered by cor-el 2 months ago

  • Solved

Browsing data and Cookies. Not deleting.

Hey all. Please help.

Periodically I delete my cookies and site data thus... Preferences/Privacy & Security/Cookies and Site Data/Clear Data. I used to use an add on for this but it stopped working.

Today it says I have "Temporary and cached files 1.3 MB". But it says that after Clear Data. It says it after I quit and restart Firefox. And it still says it after I restart the computer. My Manage Data... and Manage Exceptions... boxes are empty. I have tried running Antivirus Zap Pro, which doesn't find anything sinister. How can I get rid of it... whatever it is? Can I access the folder and delete it manually?

I'm on an old Macbook Air, running Monterey. With the latest Firefox 132.0.2

Thanks in advance.

Asked by strewth101 2 months ago

Answered by strewth101 2 months ago

  • Solved

I accidentally sent a crash report, how can I request it to be removed?

My Firefox browser froze and I accidentally sent the crash report. Is there any way to request it to be removed? I can't find any form or email to ask for deletion.

Thanks in advance for all the answers!

Asked by john2312555 2 months ago

Answered by jscher2000 - Support Volunteer 2 months ago

  • Solved

How to Delete Anysearchmanager

Anysearchmanager (ASM) now appears as my search engine when I log on even though duckduckgo is still designated as my default in Firefox. At no time have I elected to use the unsecure ASM. It does not appear in my applications folder and I can't get to it via disable/delete extensions in Firefox. I can still access duckduckgo if I manually override ASM, but that is a pain. And ASM does not show up on Malwarebytes scans.

How can I purge ASM?

Thanks for your help!!!

David

Asked by jonesds52 2 months ago

Answered by jscher2000 - Support Volunteer 2 months ago

  • Solved

Since update: Firefox prevented this page from reloading error

Since the update I've had a few issues, most I was able to fix but this one eludes me. Opening up various news sites I get the "Firefox prevented this page from reloading" error at the top and clicking allow does nothing. Anyone know how to get around this error? I'm not looking to totally disable the FF feature that prevents other pages from loading a different one, but just to browse the website after hitting 'allow'.

Thanks in advance.

Asked by w2dsx 2 months ago

Answered by cor-el 2 months ago

  • Locked

Browsers should SLOW DOWN their release cycle and release Secure debugged software

duplicate of /questions/1474560 thread

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of switching between browsers to escape hacking attempts.

Asked by Victor 2 months ago

  • Locked

Browsers should SLOW DOWN their release cycle and release Secure debugged software

duplicate of /questions/1474560 thread

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hacking attempts.

Asked by Victor 2 months ago