Firefox 120 Ready With Global Privacy Control, WebAssembly GC On By Default
-
Originally posted by pgeorgi
From the MDN link I posted in comment #1, it seems that the "Global Privacy Control" is about third party sharing (or selling) of data, while "Do Not Track" is about, well, tracking. Those are very similar but not quite the same (sharing with third parties might be for non-tracking purposes, tracking could be done by the first party).
The other aspect is that Microsoft poisoned the well for DNT when they made it default-on in IE10 (https://en.wikipedia.org/wiki/Do_Not...ng_controversy). With that, website operators started claiming that "how are we supposed to know that it's a user intent? Let's track!!!1" Just using a new name might be enough to reset the clock on that, although recently there was finally a lawsuit where "we ignore DNT" had consequences (https://stackdiary.com/german-court-...track-signals/)
The only ways to solve adtech are prison and penury.
-
Originally posted by ssokolow
Anywhere we can read up on the exploit in question? I know I haven't clicked any links like that, but I'm curious whether having uMatrix apply JavaScript whitelisting and running Firefox inside Flatpak would have tripped it up.
I have the exploit on my hard drive, but I need to perform disaster recovery.
I knew after 10 seconds that something was wrong, and about 1-2 minutes later I pulled the power.
I was informed the attackers plan to leak/release my search history and chat logs from Telegram and WhatsApp, and whatever they could get in this short time.
Flatpak Firefox in a sandbox would maybe stop hard drive access, but if you have web Telegram and web WhatsApp open they get this anyway...
Blocking or disabling JavaScript makes the web unusable, but some people use NoScript and whitelist trusted websites...
I also think native Firefox will disappear in Fedora and they will make Flatpak Firefox the default.
Phantom circuit Sequence Reducer Dyslexia
-
Originally posted by qarium
The vulnerability was in the language package of Firefox.
Originally posted by qarium
Flatpak Firefox in a sandbox would maybe stop hard drive access, but if you have web Telegram and web WhatsApp open they get this anyway...
Originally posted by qarium
Blocking or disabling JavaScript makes the web unusable, but some people use NoScript and whitelist trusted websites...
-
Originally posted by ssokolow
I guessed that. I was wondering how the exploit works.
I guessed that. I was wondering what their goal was (i.e. how much OS access they needed to achieve their trojan-ing goals), which you just explained.
uMatrix is like NoScript on steroids. It lets you do stuff like saying "Allow frames from foo.com on site X but not site Y. Allow JavaScript on Site X when I navigate to it in the address bar but not when it's used for third-party assets on other sites. etc. etc. etc."
And in 3 days I will order a new SSD for my computer. After that I will try to find out what happened by extracting log files and checking the autostart function for what was installed to start after the next boot.
If I find something I will send it to Citizen Lab.
"how the exploit works."
At this point I honestly don't know.
I will try to find out.
Phantom circuit Sequence Reducer Dyslexia
-
Originally posted by ssokolow
I guessed that. I was wondering how the exploit works.
CVE-2023-6212
"
CVE-2023-6212
Memory safety bugs present in Firefox 119, Firefox 115.4,...
Unreviewed. Published Nov 21, 2023 to the GitHub Advisory Database • Updated Nov 23, 2023
Package: No package listed
Affected versions: Unknown
Patched versions: Unknown
Description
Memory safety bugs present in Firefox 119, Firefox 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-6212
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782
- https://www.mozilla.org/security/adv...s/mfsa2023-49/
- https://www.mozilla.org/security/adv...s/mfsa2023-50/
- https://www.mozilla.org/security/adv...s/mfsa2023-52/
- https://www.debian.org/security/2023/dsa-5561
Severity: Unknown
Weaknesses: No CWEs
CVE ID: CVE-2023-6212
GHSA ID: GHSA-4cv2-qh42-x2j4
"
Phantom circuit Sequence Reducer Dyslexia