Can anyone confirm if dom.animations-api.timelines.enabled=false fixes CVE-2024-9680?

It's so utterly stupid that infosec press is all "update to latest shit from vendor" rather than "here's how to turn off the useless feature nobody asked for that the vulnerability is in".

If my proposed about:config mitigation doesn't work, I guarantee there's an extension-based approach that blocks access to the vulnerable API in any version of the browser rather than requiring accepting whatever new version is offered.

Chris Gioran 💔

@dalias Especially now that Mozilla has made it clear that any version can undo your privacy settings or introduce new horrors.

@chrisg Yes. Given the direction the Mozilla org is taking, automatic updates or updates without critical review are a non-starter.

*nod*, the uncritical acceptance of updates paves the way to software enshittification

@dalias I've been outsourcing my critical review to @librewolf for the last few releases.

Librewolf is essentially doing to Firefox what the Mozilla Suite did to Netscape 20 years ago: providing the same tool but minus all the corporate garbage.