Clickbaity title.
Mozilla has provided an update to Firefox version 118.0.1 to close a vulnerability that is already being used to attack Chrome users.
For the second time this month, Mozilla has to patch a 0-day vulnerability in Firefox that initially seemed to affect only Chrome and its derivatives.
Yes it’s being exploited, yes you should update, but the vulnerability is not actively exploited in Firefox as far as we (they) know of.
118.0.1 was first released on Sept 28 too, so this isn’t exactly breaking news.
I was wondering if this happend again so soon, since I already updated last week.
Last time this story was posted, this was two updates ago. So unless you haven’t upvoted in months, it’s a non-issue.
It should also be noted here (you know, TL;DR) that it’s also fixed in:
Firefox ESR 115.3.1
Firefox Focus for Android 118.1
Firefox for Android 118.1
Thunderbird 115.3.1https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
And Tor Browser 12.5.5 which has backported the security fixes from Firefox ESR 115.3.1.
Anyone using Tor browser should know that they should check it’s updating status before using it. Thankfully it checks itself but still, stay up to date before you browse.
If anyone wants an easy way to stay on top of browser updates on Android ffupdater does a great job tracking releases for the whole Firefox ecosystem as well as forks and TOR tools.
https://github.com/Tobi823/ffupdater
I have it setup to update Firefox Beta, Mull and Orbot for me as soon as new releases drop.
Obtanium is really good option too and can handle more than just browser updates. Pretty much any Android APK release can be setup and it supports a wide variety of different repository sources.
Does that update significantly sooner than the play store or is it mainly for people who don’t like to use the play store? Mine is on 118.1 and my play store update history says 3 days ago.
The Play release cycle is a little bit randomized. Sometimes releases take a few days or a week to filter out to users. ffupdater pulls as soon as any of its sources are available and it runs a check (I have mine set to check every 6h.) You’ll typically get releases the same day the binary becomes available. I can’t think of a time the play store has had a release of the Firefox Beta before I’ve updated with ffupdater.
I love Fennec, but really hate fdroid’s build system. It means when they push an update, it can take up to a week for it to actually be downloadable from fdroid. Yet Mull is based on Fennec and can be updated within a day or two, because they’re in the IzzyOnDroid fdroid repo.
Actually it’s more then a week, because checking right now, Fennec is still on 117.1 which came out 9/22. That’s a massive security issue for a web browser.
Is this why I’ve been getting the moz:developer thingy before site loads?