Hello,

I do not believe that this exploit was ever possible (except for java web applets), as Firefox is written in c++ (I believe there is rust in there too)

This is about a specific Apache application that companies can run to log details about visitors on their servers. Firefox is a web browser and doesn't use this software, so unless you own a website that uses this Apache Log4J software then there is nothing to worry.

Hi Milo, if you conduct a search for log4j in the Firefox source code on https://searchfox.org/mozilla-release/source/, you will find that Firefox uses a JavaScript module named log4js. Despite the name similarity, from what I read, it does not have the problematic features of the log4j Java program. Here's what I found:

• URL required in Firefox source: https://registry.npmjs.org/log4js/-/log4js-6.3.0.tgz
• Main page for package: https://www.npmjs.com/package/log4js
• Security thread on Github repository: https://github.com/log4js-node/log4js-node/issues/1105

Let me know if you discover anything concerning.