As with any other app, we flagged Fennec and Mull with KnownVuln until the app is updated. Contributors fixed the issues that delayed versions 130 and later. Stand by for the build.
@fdroidorg The UX is a bit weird. Recommends to uninstall Fennec immediately due to a vulnerability, but doesn't have a link to/explanation of the vulnerability as far as I can tell.
@met @fdroidorg Vulnerabilities in browsers are found somewhat recently, but they are usually patched quickly enough to not be a big problem.
However, Fennec is still on version 129 on F-Droid, while Firefox already got version 131, so the vulnerabilities found in 129 have been there for longer and are therefore more easily exploitable.
The specific vulnerabilities existing in Fennec should be mentioned in Firefox 130's patch, as far as I know.
@hi_im_sorro @fdroidorg Web browsers almost always have some vulnerabilities it seems, with every update removing some and introducing new ones. Anyways, "the app should be uninstalled immediately" suggests it's a very exploitable set of vulnerabilities, so it would be nice for F-Droid users to be informed of/referred to the specifics without needing to scour the internet for more information. (I understand F-Droid is a volunteer project, so not blaming anyone for this, more of a suggestion.)
@met @fdroidorg It would also be nice if F-Droid would mention mitigations that don't require uninstalling Fennec. I would guess that in this case not using Fennec would be enough.
@met @fdroidorg I thought the exact same. Double weird that it suggested uninstalling when I had version 129...
@o_andras @met @fdroidorg 129 has the vulnerability
@eatham @met @fdroidorg ah I see, then the anti-feature text is misleading: "since 130"
@o_andras @met @fdroidorg it isn't misleading, it says "Firefox has **fixed** several security vulnerabilities since 130."
@eatham @met @fdroidorg aha!! Thanks, don't know how I missed that.