Firefox 社群討論區

Hi, During some tests I found that FF 115.19.0esr can still execute arbitrary JS similarly to CVE-2024-4367. I’ve checked the versions and > 115.11esr should be patched. Any payload with ‘/JS’ taken from https://github.com/luigigubello/PayloadsAllThePDFs/tree/main will do. Since this is probably important – FontMatrix is *not* working (no JS), original PoC (https://codeanlabs.com/wp-content/uploads/2024/05/poc_generalized_CVE-2024-4367.pdf) is also *not* working. I also wasn’t able to call an external script and so far haven’t found any path to exploit it beyond an alertbox. However, it still bothers me a lot and I’d like to know whether it’s the correct, expected behavior with FF+pdf.js, is it a vulnerability, or maybe my browser was somehow corrupted or is using some other mechanism that’s not within your control (my settings? about:config?).

Steps to re-create: 1. Open file in notepad 2. Add ‘/OpenAction 99 0 R’ after ‘lang’ in ‘1 0 obj section’ 3. After ‘endobj’ add ‘99 0 obj <</Type /Action /S /JavaScript /JS (app.alert\(1\);)>>’ 4. Result – alertbox popping twice

Hello, in Firefox some Geek fonts are displayed as square shapes, in other browsers e.g. Safari are same characters on same website are displayed normal, using the last update of Firefox 128.6.0 Firefox ESR , is there any solution? Thanks

Recently upgraded to Firefox ESR 128.6.0. I can no longer see images. The "ALL" page has text where images would have been displayed. The "Images" page just shows place holders. If I click on an image I again see a placeholder. If I click on View FIle I can see the image as it takes me to the remote site that hosts the image.

This affects DDG only as far as I can tell. I've tried other search engines, but not other browsers as all chome based browsers are blocked.

If I go to any other website, for the most part images are rendered correctly. There is always the occasional image that doesn't show, but that's been that way for years.

I've cleared my cache/cookies. Reset the settings. But no luck.

I restored my previous 115 and 102 esr profiles (first uininstalling firefox then installing the requisite version of Firefox), and images work fine in those versions. This issue is only present in 128esr.

Any ideas on what might be the issue? thank you in advance.

Hello, I am experiencing unexpected behaviour with local storage in Firefox Portable ESR 102.1.0 on Windows 11. In particular, the data is not deleted as expected after closing the application, even after clearing the cache in my code, the data persists when I open the application the next time. This behaviour is observed under windows10 but is common under windows11.

I suspect that this issue may be related to:

• Interactions between Firefox Portable's cache management and Windows 11's system-level caching
• Specific behavior of the ESR 102.1.0 version on Windows 11

I would appreciate it if you could investigate this issue and provide any insights or solutions.

Dear Sir,

Firefox is not working with Rabby Wallet and Metamask extensions.

It does no pop-up the window to see the transaction and sign it. Firefox 134.0.1 (64-bit). Windows 10 Home.

On Metamask at least I can click on the pinned extension and see the window. However it´s not the expected behavior, because it should open the pop-up automatically. With Rabby wallet it is impossible to proceed, even clicking on the extension icon.

Please fix it.

Hi, with Debian 12 every time I open Firefox ESR (128.6.0esr) in background opens a terminal window (seems to be a kind of log actions) This terminal if i close it terminates the Firefox too. I could not find an explanation of this behavior in the internet. Thankful for Your advice to get rid of this problem.

I have just got a new laptop and installed everything in relation to Firefox onto it. I have used the Nordpass extension for a couple of years and on the old laptop this is version 5.23.13 updated 16/10/24. On visiting the add-on and extension site today there is only a legacy version 4.33 updated 2y ago which clearly no longer works. Where has it gone. Clearly I am going to ask the same question of Nord, but I hope you can help.

Background: I need to run an enterprise web app on selected PCs and Macs, the browser will not be used for browsing, do not highlight security risks.

I must absolutely use Firefox 48 because it is the latest version to support showModalDialog()

I installed Firefox 48 on Windows and everything is ok, it works as it should.

On MacOS Sequoia, on the other hand, Firefox starts, the menus in the “Apple” bar at the top are usable, but the browser window is totally transparent, only the border and title bar are slightly visible.

I read on the support forum that it might be enough to disable hardware acceleration, but I can't do that because the options page doesn't even show!

Secure Connection Failed

An error occurred during a connection to services.nidw.gov.bd. SSL peer was not expecting a handshake message it received.

Error code: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

I kept receiving notice for automatic update to esr version until yesterday 1-12-25, I believe it stated book marks would be automatically included. Now today I have to go in manually to get update but unknown of all by bookmarks will follow as well. My old version 109.1 64 bit. Thank you.

I use a 2009 Mac Mini running OS 10.11.6 dedicated for streaming. I was prompted to update Firefox to ESR which I did, replacing the older version of Firefox. The new version will not open.

It was the only browser I had. Can I undo the installation? Or download 78.15.0 somehow to restore the functionality of this Mac?

I can not update Firefox because my computer is MacPro Version 10.11.6. My computer will not accept new versions of its operating system. And your Firefox updates will not work on my version. So I am using 78.15.0esr . I do not know what to do - since I can not afford nor do I want to replace my MAC. All my important software is on it. All my important documents are on it. And it works beautifully.

I will have to continue to use Firefox 78.15.0esr . Can you suggest any alternatives for me?

Truly, Barbara Bancroft (Babs)

115.19.0esr on Windows 7 It appears todays update hosed about half of my desktop icons. Each icon still launches their program, but the icon is the generic image. Coincidence?

I downloaded 115.18.0esr and installed it and all my icons are back to normal.

I dont know what happened, or what I did or the update did. I installed the update from inside the browser help screen, not a separate download.

fwiw

Hello,

as the title states I did an update which automatically moved me to ESR. There was no warning given whatsoever that the profil, booksmarks basically everything would be deleted.

I checked every Mozilla Firefox file I could find (main drive, app data, default profil) - and could find nothing dated before today at all.

I need all that information back - yesterday. How do I do that?

Thanks in advance.

PS: Oh, and please no comments on why use an old OS. I also have Win10 - it can't handle what runs on this old system. :)

Hi! I need a biiig help here. I have a mac OS X Yosemite version 10.10.5 and I would like to keep using this computer. I installed the FireFox 128.5.2esr.dmg. I saved it to my applications but I click on the icon and nothing happens... My FireFox is not ok now... I open it, but doesn't appear the icons or so (top sites or highlights). Thank you!

Firefox is default browser. Have used McAfee Truekey for years with no issues. It has now disappeared from browser. Reloaded the app, and McAfee website tells me to activate it. How do I do this/ should I do this?