Topic: Critical/High Vulnerabilities in Mozilla Firefox/Tor Browsers! (Read 176 times)

newbie
Activity: 52
Merit: 0
Tor has long been an insecure browser.
legendary
Activity: 3234
Merit: 5637
It literally means nothing. Just, what, 1, 2 more posts you need to make now to reach your previous quota?

All the security threads tend to get moved to this board. It's another reason why you should lobby for a Cybersecurity and Privacy board (https://bitcointalksearch.org/topic/discussion-cybersecurity-and-privacy-board-poll-request-v1-5434404).


I honestly didn't expect that from you - you conclude that I wrote it because I'm angry that a couple of my posts ended up off-topic? Maybe if you look at how many posts I write per week, then it wouldn't occur to you to mention a post quota...

All security topics?

https://bitcointalksearch.org/topic/warning-comments-on-github-to-push-crypto-stealing-malware-5508261
https://bitcointalksearch.org/topic/warning-styx-another-crypto-wallet-stealer-5507817
https://bitcointalksearch.org/topic/warning-cthulhu-stealer-malware-for-macos-5507576
legendary
Activity: 1568
Merit: 6660
Thanks to whoever reported this topic to be moved where far fewer people will see it - some people really do have malicious intentions on this forum... but karma is merciless and it will catch up with you all ;)

Healthy doses of karma may upset one's stomach.

It literally means nothing. Just, what, 1, 2 more posts you need to make now to reach your previous quota?

All the security threads tend to get moved to this board. It's another reason why you should lobby for a Cybersecurity and Privacy board.
hero member
Activity: 1223
Merit: 506
This is who we are.
Thanks to whoever reported this topic to be moved where far fewer people will see it - some people really do have malicious intentions on this forum... but karma is merciless and it will catch up with you all ;)

Healthy doses of karma may upset one's stomach.
legendary
Activity: 3234
Merit: 5637
Thanks to whoever reported this topic to be moved where far fewer people will see it - some people really do have malicious intentions on this forum... but karma is merciless and it will catch up with you all ;)
hero member
Activity: 1120
Merit: 887
The responses that I have received on my comment from PrivacyG, ABCbits, and Lucius are such an eye opener and very expository. And the thought that crossed my mind, which I found myself thinking about, is that it is possible that my browser is already exposed to some of these vulnerabilities; however, they are either not causing any damage yet because they are yet to be activated, or they are already causing some damage, nevertheless slowly and without a trace.
legendary
Activity: 3234
Merit: 5637
I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed?
~snip~

It is obvious that these vulnerabilities have existed for who knows how long, the only question is who discovered them first, the good guys or the bad guys? Given that users are exposed to such vulnerabilities even while they are just surfing, then we should not be too surprised by stories in which people claim that their coins mysteriously disappeared from their wallets even though they did not make a single wrong step.

All this is more reason to raise our security to an even higher level, perhaps even to the extent that we don't use our crypto wallets on the computer where we surf - which, of course, is a difficult mission for many.
legendary
Activity: 1568
Merit: 6660
I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed?

Nobody knows for sure. But if it was widely used by criminals, we would find such news or reports.

There are way too many vulnerabilities out there in the world for all of the criminals in the world to exploit at once, so what they tend to do is figure out which ones will reach the most users and exploit them, or at least try to, until the security researchers plug that hole. And then the cycle continues. Sort of a cat-and-mouse game if you ask me, but the only ones that actually go on to harm a lot of people are the very popular vulnerabilities that are never patched (Windows.....)
legendary
Activity: 2870
Merit: 7490
I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed?

Nobody knows for sure. But if it was widely used by criminals, we would find such news or reports.

What I am wondering is.  Was I safer during this Exploit as a Non JavaScript user?

Safer? Yes. But not all vulnerabilities are related to JavaScript. For example, https://www.mozilla.org/en-US/security/advisories/mfsa2022-28/ shows some which don't use JS.
legendary
Activity: 1568
Merit: 6660
Are there any instructions regarding the Chrome browser?

Chromium is using a completely different engine to Firefox and as such any vulnerabilities found in one will not be present in the other unless the vulnerability came from a flaw in the JavaScript environment that they both support. And even then, that would be a website vulnerability such as in WordPress. For an actual OS vulnerability they would have to find different ways of breaking out of each sandbox.
full member
Activity: 126
Merit: 93
I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed? Secondly, in my estimation setting one's browser to auto-update could protect a user from these security issues and it should always be left turned on. There are more vulnerabilities in browsers that are yet to be exposed than we already know of, and everyone has to take responsibility for their own security.
If so, the possibility of personal data being stolen by hackers cannot be ruled out. Online data users should be updated to follow practical procedures to manage all wallet related and personal account related activities.

Are there any instructions regarding the Chrome browser?
hero member
Activity: 882
Merit: 1873
I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed? Secondly, in my estimation setting one's browser to auto-update could protect a user from these security issues and it should always be left turned on. There are more vulnerabilities in browsers that are yet to be exposed than we already know of, and everyone has to take responsibility for their own security.
There are groups of bad actors of course who try and desperately look for Vulnerabilities as a 'day job' so they can find ways to Scam, Expose or whatever else.  There are also Code readers who find vulnerabilities that were not found or mentioned before.  There are even groups of people who are looking for Vulnerabilities so they could sell them for a hefty Price.

This can go a very long way.  Imagine you were a Terrorist planning an attack and Tor was the Browser you were using every single day to research information.  The CIA is suspecting you already, but you feel safe browsing Tor.  There surely are departments in the C.I.A. with employees whose job is to particularly find Vulnerabilities in Tor well before they are found by Programmers working on Tor.  This means you may be subjected to an attack of the C.I.A. while, in your own mind, thinking you are using Tor safely.

Now of course this can happen to any of us.  There could be groups of people attacking me right now for all I know.  This is a very long story to write anyway.

What I am wondering is.  Was I safer during this Exploit as a Non JavaScript user?
hero member
Activity: 1120
Merit: 887
I wonder if it is just me or has anyone else thought whether these vulnerabilities have already been used for a long time before being exposed? Secondly, in my estimation setting one's browser to auto-update could protect a user from these security issues and it should always be left turned on. There are more vulnerabilities in browsers that are yet to be exposed than we already know of, and everyone has to take responsibility for their own security.
legendary
Activity: 3234
Merit: 5637
@ABCbits, both browsers have an automatic update option, but I'm not sure if it's turned on by default - although the second option that is turned on in that case is for the user to be notified that there is an update, but then to start it with a "manual" update.

Personally, I always use this second option because I always check what the new update brings and then decide if I want to install it immediately or later. In this case, there is no doubt that the new version should be downloaded as soon as possible without delay.
legendary
Activity: 2870
Merit: 7490
If you have automatic update enabled in your browser, it will update itself after which it needs to be restarted - for manual update, click on the tab Help -> About browser.

Don't both Firefox and Tor Browser enable auto-update by default these days? IMO most users can rest easy, unless
1. They manually disable the auto-update feature.
2. They install Firefox from a platform such as Microsoft Store or apt, which may be slower to release updates and means the built-in auto-update can't be used.
legendary
Activity: 3234
Merit: 5637
For all those who use Mozilla Firefox and all browsers based on the same (Tor), it is recommended to update to the latest version as soon as possible due to the upgrade that disables vulnerabilities that are marked as Critical/High because they allow an attacker to run code or install software without any interaction with the user and to collect sensitive data without the user's knowledge.

If you have automatic update enabled in your browser, it will update itself after which it needs to be restarted - for manual update, click on the tab Help -> About browser.



Source