Diễn đàn hỗ trợ Firefox

Hi, During some tests I found that FF 115.19.0esr can still execute arbitrary JS similarly to CVE-2024-4367. I’ve checked the versions and > 115.11esr should be patched. Any payload with ‘/JS’ taken from https://github.com/luigigubello/PayloadsAllThePDFs/tree/main will do. Since this is probably important – FontMatrix is *not* working (no JS), original PoC (https://codeanlabs.com/wp-content/uploads/2024/05/poc_generalized_CVE-2024-4367.pdf) is also *not* working. I also wasn’t able to call an external script and so far haven’t found any path to exploit it beyond an alertbox. However, it still bothers me a lot and I’d like to know whether it’s the correct, expected behavior with FF+pdf.js, is it a vulnerability, or maybe my browser was somehow corrupted or is using some other mechanism that’s not within your control (my settings? about:config?).

Steps to re-create: 1. Open file in notepad 2. Add ‘/OpenAction 99 0 R’ after ‘lang’ in ‘1 0 obj section’ 3. After ‘endobj’ add ‘99 0 obj <</Type /Action /S /JavaScript /JS (app.alert\(1\);)>>’ 4. Result – alertbox popping twice

Ever since Facebook started infesting the chats with end-to-end encryption (random chats get "Messenger upgraded the security of this chat. Messages and calls are secured with end-to-end encryption" without my permission or asking if I want this), any encrypted chats have audio and video calls disabled. I note that I have ONE friend for whom it didn't do this, I can still do calls with her. If I receive a call, I get a pop-up saying that to receive this call I must download the Messenger app (no way) or a browser which supports it. If I check what browsers it thinks supports this, it only lists Chrome and Edge. As far as I know Edge is just Internet Explorer renamed, the biggest black hole in security, I've never touched it. Chrome ignores industry standards, so I don't use it. Making Firefox the best, top browser available. It's the only browser I wish to use. Mozilla needs to look into how to get Facebook to stop blacklisting Firefox like this. Note that this E2EE garbage has only been infecting things for the last few months, before that I was perfectly able to do any calls I wished in Facebook Messenger.

Why didn't you tell me when you asked me to reset my password that it would wipe out all of my sync data????😰😠😭

If I would have known I would have just waited to try my password again later.

There must be a way. This just happened the whole reason why I signed in was to sync my data to my new phone. PLEASE recover my data!!!!!!!

And pls change ur UI to say in when asking if you want to change ur email password that it may wipe all ur data and nothing will be available!!!

There must be a way. This just happened and I can prob recall my old password. Can it be rolled back to yesterday's settings?? Or the setting even from this morning?

🙏 Thanks

Hi there, I just got a new work laptop and tried to sync my firefox browsers so I could keep my passwords and bookmarks from my old laptop. Unfortunately I forgot my password, so I had to reset it on my new device. I logged in again on my old laptop but it's still not syncing or updating the bookmarks on the new laptop. Is there any way to move my bookmarks and passwords over to my new laptop? Thanks!

The font size in "Manage Bookmarks" is way too large, both in the sections list menu on the left and the list of bookmarks. I checked my userChrome.css file as well as the layout.css.devPixelsPerPx entry in about:config and there's nothing there to explain why only the "Manage Bookmarks" text is so large.

It's possible I changed a setting somewhere that's causing this. But I'm stumped re: what setting might be controlling the font size in only that UI. All other Firefox text sizes are good.

Thanks to anyone who knows where I should be looking

Firefox 134.0.1 (64-bit) Windows 10

Hello to all,

I wanted to use DoH (dnsforge.de) under “maximum protection”, but with one exception: I would like Ecosia.org to be able to place ads for me, because I am convinced of Ecosia and want to support this project. Tested this with Cloudflare as well, setting up an exception here does not work either.

Now the exception set in Firefox has no effect. It should not be due to the DNS provider, because Ecosia.org is not blocked and has even been whitelisted.

What is the expected behavior of the “maximum protection” setting?

Kind regards

Hi Win10 PC fully up to date. Changed my printer from a Xerox to an HP laser. In the control panel, set the HP as the default printer. MS Office prints on the HP without prompting. Firefox (134.0.2) always defaults to the Xerox. The HP is available in the drop down box. Restarting the PC or reloading Firefox makes no difference, Firefox always defaults to the (non existent) Xerox. MS Edge defaults to the HP. Any ideas? Regards - Andrew