Zobrazenie otázok označených: Zobraziť všetky otázky
  • Vyriešené

CVE-2024-4367 in 115.19.0esr - still vulnerable?

Hi, During some tests I found that FF 115.19.0esr can still execute arbitrary JS similarly to CVE-2024-4367. I’ve checked the versions and > 115.11esr should be patch… (ďalšie informácie)

Hi, During some tests I found that FF 115.19.0esr can still execute arbitrary JS similarly to CVE-2024-4367. I’ve checked the versions and > 115.11esr should be patched. Any payload with ‘/JS’ taken from https://github.com/luigigubello/PayloadsAllThePDFs/tree/main will do. Since this is probably important – FontMatrix is *not* working (no JS), original PoC (https://codeanlabs.com/wp-content/uploads/2024/05/poc_generalized_CVE-2024-4367.pdf) is also *not* working. I also wasn’t able to call an external script and so far haven’t found any path to exploit it beyond an alertbox. However, it still bothers me a lot and I’d like to know whether it’s the correct, expected behavior with FF+pdf.js, is it a vulnerability, or maybe my browser was somehow corrupted or is using some other mechanism that’s not within your control (my settings? about:config?).

Steps to re-create: 1. Open file in notepad 2. Add ‘/OpenAction 99 0 R’ after ‘lang’ in ‘1 0 obj section’ 3. After ‘endobj’ add ‘99 0 obj <</Type /Action /S /JavaScript /JS (app.alert\(1\);)>>’ 4. Result – alertbox popping twice

Otázku položil(a) chris Pred 1 dňom

Na otázku odpovedal(a) chris Pred 1 dňom

  • Vyriešené

URL is causing FF to run slow

I clicked on a link in an email and FF began opening it. It then stopped and gave a message that the site was causing FF to run slow. That was an understatement, as FF ne… (ďalšie informácie)

I clicked on a link in an email and FF began opening it. It then stopped and gave a message that the site was causing FF to run slow. That was an understatement, as FF never continued and didn't fully open the site. I copied the URL to Chrome and it had no problem quickly opening the site. What do I need to fix in FF to make it happy again? This is the link if you want to try it. https://www.mypoints.com/jumppage?trkid=p16498665&h=1645af8f93c2559daa84038a922f4a04&merchant=10659&page=110&finalUrl=https%3A%2F%2Fbestbuy.7tiv.net%2Fc%2F49764%2F687081%2F10014%3Fu%3Dhttps%253A%252F%252Fwww.bestbuy.com%252Ftop-deals&brand=BestBuy&deo=16498665,5,0,0,0,0,0&utm_source=BONUSMAIL&utm_medium=email&utm_campaign=1196390

Otázku položil(a) bill.ruggirello Pred 2 týždňami

Na otázku odpovedal(a) jonzn4SUSE Pred 2 týždňami

  • Vyriešené

I cannot get into my accounts because I cannot receive a text with a code. My phone is held captive.

Please help me sign in to my hotmail (live) outlook account.

I have an appointment and need to access the patient portal.

Thank you!

Otázku položil(a) Stephanie Tuttle Pred 2 týždňami

Na otázku odpovedal(a) Stephanie Tuttle Pred 2 týždňami

  • Vyriešené

Firefox isn't allowing me to upload images almost anywhere

I am on endeavourOS (linux). Whenever I try to upload images for a profile picture to sites like youtube or X, the image becomes corrupted and doesn't upload correctly. I… (ďalšie informácie)

I am on endeavourOS (linux). Whenever I try to upload images for a profile picture to sites like youtube or X, the image becomes corrupted and doesn't upload correctly. It did this with whatsapp too and I had to use a separate app for it. Other posts said that disabling "privacy.resistFingerprinting" would fix it, but it's already disabled.

Attached below are an example of this bug and the contents of this image when viewed on a text editor.

Otázku položil(a) Gabe Lily Pred 4 mesiacmi

Na otázku odpovedal(a) Gabe Lily Pred 4 mesiacmi

  • Vyriešené

Can't access camera in Firefox.

The camera won't turn on in the Firefox browser for Google Meet or Zoom. It says it can't find the camera or that it's turned off. I have checked my Windows 11 settings… (ďalšie informácie)

The camera won't turn on in the Firefox browser for Google Meet or Zoom. It says it can't find the camera or that it's turned off. I have checked my Windows 11 settings and desktop apps have access to the camera. I have also checked the settings for each of the sites and use of the camera and microphone are allowed. Autoplay is enabled too. The camera works fine in other apps and in other browsers.

Otázku položil(a) Kirk Kettinger Pred 1 mesiacom

Na otázku odpovedal(a) Kirk Kettinger Pred 1 mesiacom

  • Vyriešené

bsky.app

bsky.app cookie continues to be loaded on computer even after I continually delete it, privacy set to strict and blocked under "managed exceptions, why is it being reload… (ďalšie informácie)

bsky.app cookie continues to be loaded on computer even after I continually delete it, privacy set to strict and blocked under "managed exceptions, why is it being reloaded when I don't access the site. None of the sites I access are linked to it, only visited once and if this alternative to x continues to set cookies, how can I permanently block it, thought the exceptions list was supposed to keep blocking it. So far it's come back three times, I'll screenshot it next time and attach.

Otázku položil(a) mitcheljr3 Pred 1 mesiacom

Na otázku odpovedal(a) mitcheljr3 Pred 1 mesiacom

  • Vyriešené

Malwarebytes keeps blocking Mozilla files that seem to originate from it's folder in my laptop as riskware

Malwarebytes keeps blocking Mozilla files that seem to originate from it's folder in my laptop as riskware. Is this something I should make exceptions for? Or is it ris… (ďalšie informácie)

Malwarebytes keeps blocking Mozilla files that seem to originate from it's folder in my laptop as riskware. Is this something I should make exceptions for? Or is it riskware. I'm running Win 11

Otázku položil(a) Fran Turner Pred 1 mesiacom

Na otázku odpovedal(a) jscher2000 - Support Volunteer Pred 1 mesiacom

  • Vyriešené

Simple Tag Groups extension: security and privacy concerns surrounding its permission requests.

Hi all, I have a question regarding the permission requests of the Simple Tab Groups extension by Drive4ik. As I'm sure many of you know, this extension needs to: This … (ďalšie informácie)

Hi all,

I have a question regarding the permission requests of the Simple Tab Groups extension by Drive4ik.

As I'm sure many of you know, this extension needs to: This add-on needs to:

  • Download files and read and modify the browser’s download history
  • Monitor extension usage and manage themes
  • Display notifications to you
  • Access recently closed tabs
  • Hide and show browser tabs
  • Access browser tabs
  • Store unlimited amount of client-side data
  • Access your data for all websites

This add-on may also ask to: Read and modify bookmarks

Theoretically, I find this extension useful but I am concerned about the "Access your data for all websites" requirement. I read through Mozilla's permission request messages for Firefox extensions documentation and it seems like granting this extension these permissions would be a huge risk for the work I do– investigative journalism. It seems like I'll trade organizational benefits for a wider attack surface.

Can anyone speak more about the risks involved with using this extension, the trustworthiness of the developer, and why it needs the "Access your data for all websites" capability?

Thank you.

Otázku položil(a) secure.amaretto120 Pred 1 mesiacom

Na otázku odpovedal(a) secure.amaretto120 Pred 1 mesiacom

  • Vyriešené
  • Archivované

How to setup ESNI in Firefox 91 on Windows

After watching this video https://www.youtube.com/watch?v=mAfY_bNJTBI i went to https://www.cloudflare.com/ssl/encrypted-sni/ and did the test. Result is 3/4. (See screen… (ďalšie informácie)

After watching this video https://www.youtube.com/watch?v=mAfY_bNJTBI i went to https://www.cloudflare.com/ssl/encrypted-sni/ and did the test. Result is 3/4. (See screenshot below) Secure DNS, check DNSSEC, check TLS 1.3 check Enrypted SNI, fail In Firefox i tried doing exactly what the person did in the video but i dont have the settings he is showing in about:config Why is that? (Below you can see the screenshot, those settings are missing from about:config)

So my question reamins simple, how can i enable Enrypted SNI in Firefox?

Otázku položil(a) Firefox_Beginner Pred 3 rokmi

Na otázku odpovedal(a) cor-el Pred 3 rokmi

  • Vyriešené

Pop Up ?

What is this window called? When this window started popping up a couple of months ago, I noticed a couple of odd things happening on a website I go to. It would not let … (ďalšie informácie)

What is this window called? When this window started popping up a couple of months ago, I noticed a couple of odd things happening on a website I go to. It would not let me pay them. It would look like it was going to then a white screen would pop up ans say" if you see this window then you ...........". I then have to pay on the phone or chrome. I have whitelisted the site but still does it.

Otázku položil(a) miso1 Pred 2 mesiacmi

Na otázku odpovedal(a) jscher2000 - Support Volunteer Pred 2 mesiacmi

  • Vyriešené

How to stop prompts for location permission when turned off by admin?

Hi, I just installed Windows 11, version 24H2 and now in Firefox I'm continually prompted with "Awaiting Location Permission, Grant Firefox location permission in system … (ďalšie informácie)

Hi, I just installed Windows 11, version 24H2 and now in Firefox I'm continually prompted with "Awaiting Location Permission, Grant Firefox location permission in system settings".

The problem that location has been turned off by admin on this computer. How can I stop these continual prompts from Firefox? I have checked the box in Settings to block location requests from new websites but am still getting the prompts.

Thank you.

Otázku položil(a) cdeland Pred 2 mesiacmi

Na otázku odpovedal(a) cor-el Pred 2 mesiacmi

  • Vyriešené

Browsing data and Cookies. Not deleting.

Hey all. Please help. Periodically I delete my cookies and site data thus... Preferences/Privacy & Security/Cookies and Site Data/Clear Data. I used to use an add o… (ďalšie informácie)

Hey all. Please help.

Periodically I delete my cookies and site data thus... Preferences/Privacy & Security/Cookies and Site Data/Clear Data. I used to use an add on for this but it stopped working.

Today it says I have "Temporary and cached files 1.3 MB". But it says that after Clear Data. It says it after I quit and restart Firefox. And I still says it after restart the computer. My Manage Data... and Manage Exceptions... boxes are empty. I have tried running Antivirus Zap Pro, which doesn't find anything sinister. How can I get rid of it... whatever it is? Can I access the folder and delete it manually?

I'm on an old Macbook Air, running Monterey. With the latest Firefox 132.0.2

Thanks in advance.

Otázku položil(a) strewth101 Pred 2 mesiacmi

Na otázku odpovedal(a) strewth101 Pred 2 mesiacmi

  • Vyriešené

I accidentally sent a crash report, how can I request it to be removed?

My firefox browser froze and i accidentally sent the crash report. Is there any way to request it to be removed i cant find any form or email to ask for deletion. Thanks… (ďalšie informácie)

My firefox browser froze and i accidentally sent the crash report. Is there any way to request it to be removed i cant find any form or email to ask for deletion.

Thanks in advance for all the answers!

Otázku položil(a) john2312555 Pred 2 mesiacmi

Na otázku odpovedal(a) jscher2000 - Support Volunteer Pred 2 mesiacmi

  • Vyriešené

How to Delete Anysearchmanager

Anysearchmanager (ASM) now appears as my search engine when I log on even though duckduckgo is still designated as my default in Firefox. At no time have I elected to us… (ďalšie informácie)

Anysearchmanager (ASM) now appears as my search engine when I log on even though duckduckgo is still designated as my default in Firefox. At no time have I elected to use the unsecure ASM. It does not appear in my applications folder and I can't get to it via disable/delete extensions in Firefox. I can still access duckduckgo if I manually override ASM, but that is a pain. And ASM does not show up on Malwarebytes scans.

How can I purge ASM?

Thanks for your help!!!

David

Otázku položil(a) jonesds52 Pred 2 mesiacmi

Na otázku odpovedal(a) jscher2000 - Support Volunteer Pred 2 mesiacmi

  • Vyriešené

Since update: Firefox prevented this page from reloading error

Since the update I've had a few issues, most I was able to fix but this one eludes me. Opening up various news sites I get the "Firefox prevented this page from reloadin… (ďalšie informácie)

Since the update I've had a few issues, most I was able to fix but this one eludes me. Opening up various news sites I get the "Firefox prevented this page from reloading" error at the top and clicking allow does nothing. Anyone know how to get around this error? I'm not looking to totally disable the FF feature that prevents other pages from loading a different one, but just to browse the website after hitting 'allow'.

Thanks in advance.

Otázku položil(a) w2dsx Pred 2 mesiacmi

Na otázku odpovedal(a) cor-el Pred 2 mesiacmi

  • Uzamknuté

Browsers should SLOW DOWN their release cycle and release Secure debugged software

duplicate of /questions/1474560 thread I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static … (ďalšie informácie)

duplicate of /questions/1474560 thread

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of switching between browsers to escape hacking attempts.

Otázku položil(a) Victor Pred 2 mesiacmi

  • Uzamknuté

Browsers should SLOW DOWN their release cycle and release Secure debugged software

duplicate of /questions/1474560 thread I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static … (ďalšie informácie)

duplicate of /questions/1474560 thread

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hacking attempts.

Otázku položil(a) Victor Pred 2 mesiacmi