FIREFOX is not secure!! ditch it now https://x.com/IntCyberDigest/status/2053792506807038270
>>108799022 omg calculator.exe just flew over my desktop while i was on my de-googled phone
>>108799022 what if I ditch calculator instead
didnt the Rust runtime catch bukker owoflow or wat is happening in there dudositos
>>108799093 the bukkake overflow happens in unsafe {} that's 99% of rust code but we should totally rewrite everything in it!!!!

you strike me as being a samefag. i truly do wonder as to lies on the other black mirror(s), but there's time to ponder about that later.
>>108799022
>In computer security, coordinated vulnerability disclosure (CVD), sometimes known as responsible disclosure,[1] is a vulnerability disclosure model in which a vulnerability or an issue is disclosed to the public only after the responsible parties have been allowed sufficient time to patch or remedy the vulnerability or issue.[2] This coordination distinguishes the CVD model from the "full disclosure" model.
<the bug was responsibly disclosed to Mozilla, ergo they would've reported it with the disclosure only occurring after the bug has been patched or something. GTHO my board you xitter screencapping parasite
archive.is/ALJeu
the researcher is @ggwhyp apparently (seems to be a burner acc) PoC: https://i.4cdn.org/wsg/1778503164999762.mp4

>>108799064 calculator.exe just means you can run arbitrary executables or commands. combine that with a privilege escalation (which on troonix is as easy as farting in the general direction of the kernel) and you have a devastating exploit

>>108799022
>Windows
The average /g/ user is too retarded to use Windows, also stop with the twitter screenshots.

>>108799148
nvm im retarded. it hasn't yet been fixed.
>" I plan to publish a technical analysis report after the release build has been patched and an appropriate amount of time has passed to ensure safe public disclosure."
>"My registration was rejected because the event had already reached full capacity."
>t.ggwhyp
/ggwhyp/status/2053801724977303983#m
archive.is/K8Ope
/ggwhyp/status/2053802123679420545#m
archive.is/SpF0Z

probably introduced by their mythos "bugfixing journey." kwab
>>108799022 remember to never update

>>108799022
Unable to connect
Firefox can’t establish a connection to the server at 127.0.0.1:8000

How come Mythos couldn't find this one?
>>108799022 isn't disclosing that a bug like this exists already irresponsible? Knowing there is a bug somewhere already gives an attacker motivation and guidance on where to search
>>108799241 Are you dumb?
>>108799255 yea
>>108799022 can you provide the html file, OP?
wait, didn't mythos just squash all the security bugs in firefox? how did it not find this? are we being lied to about mythos?
>>108799022 Internet is not secure. Ditch it now.

>>108799271
>are we being lied to about mythos?
no, we just had no more tokens left, hehe

>still no HTML file provided
Yep it's fake and gay.

>>108799349 @IntCyberDigest as a source afaik is legit. idk. the bug (allegedly) still hasn't been patched hence why there isn't a full disclosure, see: >>108799200

>windows
Not my problem

>>108799022 oh my god oh my god oh my god

>>108799495
>I plan to publish a technical analysis report after the release build has been patched
kys IntCyberDigest

Even if it's patched it will still exploit a lot of users since much of Firefox's user base are "update paranoid". You can see the telemetry to see how many users are using old Firefox versions, all the way back to Firefox 56.
>>108799022 IntCyberIncest is proven to be an Indian scammer. This isn't the first time he posts a variation of this crap. This one example is a vibecoded server that runs cmd when a specified page is served.
>>108799022 I only browse 4chan.org. Literally not my problem

>>108799533
i definitely wouldn't consider them to be on point at all times but the fucker has been cited by vxunderground a few times and seems to be on point for the most part. sometimes they'd just dm PoCs or malwares or something a src mb but idrfk about how widespread misinformation is in the real sec scene. (not "oh think of the children" or other nonsense that normies care about)
but i do know of at least incident of mass disinfo being propagated by sec news channels. remember when cybernews reported a breach of 6B users and it turned out to be just multiple breaches taped into one? also their YT channel is literally just AI shit.
>>108799551
fedpost. some truth is there to it doe since retards will rather use a slightly modified FF fork that is basically 99.98% arkenfox. (librewolf)
TOR uses the ESR branch but they're moving away from it.
and no you cannot "see" the telemetry, not even Akamai PKI key signing keys.

I don’t care. Just take my computer. Whatever. My password is hqMm+6$?5S8U

>>108799022
>no proof whatsoever
Fake as fuck Google anti-Firefox propaganda.
At least with the Microsoft anti-Linux propaganda you used real (although irrelevant) vulnerabilities.
Pathetic.

>LE CRITICAL SECURITY BUG IN FIREFOX!!1
>"it was responsibly disclosed to Mozilla"
>Mozilla Security reply:
>"There have been no bug reports of this type in the last seven days."
>conclusion: fake
I remember your last thread where you tried to create a hype around a very, very similar report. I think you used dark theme in Firefox back then. Get help, man.

i just uninstalled calculator.
>>108799788 just delete cmd.exe
>>108799775 He's probably paid to post shit like this and farm engagement.
Reminder that Mozilla has not fixed the bug I reported 3 days ago so they aren't actively reading Bugzilla anymore.
>>108799022 This doesn't happen in Links
>>108799816 Any Twitter account you see with a checkmark is. That's why retardation in this form runs absolutely rampant on that platform now. It used to be a different kind of retardation...

>>108799661
>cited by vxunderground
Being cited by infosec's biggest yapper and drama queen is not a positive signal.

>>108799022
>Windows

i have security troon fatigue
even if an exploit like this works it'd be worth tens of millions of $ and thus only used on high value targets
99.9999% of users aren't affected and never will, tone down your hysteria

>>108799960
>shikoshikoshikoshikoshiko
what did they mean by this

>>108799965 this, major skill issue
>>108799022 how has this got 15 likes
Got a mail from Mozilla few minutes ago. They're working on a fix right now. This is Windows only exploit working only through localhost, so regular Firefox users are fine. Expect new point version release soon.

>My registration was rejected because the event had already reached full capacity.
>No, the vulnerability can be exploited remotely without any user interaction required.

>>108800106
Joke's on them, I don't have a calculator in my system.
It would be interesting to do a body swap with one of those devs that is always panicking to fix security holes in software they wrote just to find out how the FUCK they are writing such shitty code that it has infinitely many security vulnerabilities that take decades to discover.

>>108799022
>on windows
oh no...
anyway

>>108799977 sounds like a load of wank to me

surely you can avoid it adjusting settings
they do not write about things like
browser.tabs.unloadOnLowMemory

>>108799022 No browser is secure. Mythos has found hundreds of exploits in a month.

>>108799153
>which on troonix is as easy as farting in the general direction of the kernel) and you have a devastating exploit
it's amazing how this board's collective of registered child sex offenders have no idea how any operating system works

>>108799022 Firefox sandboxing is laughable and it doesn't even launch with hardened malloc enabled. Avoid if you care about security at all.
>>108804665 how can a child be a sex offender retard

>>108805815
>it doesn't even launch with hardened malloc enabled
What do you mean? I don't use Firefox anymore, but it works on GrapheneOS and secureblue.

>>108799977
Patched Firefox 150.0.3 is released!