What is Nostr?
Erik van Straten /
npub1yzf…l3r7
2024-10-16 10:35:00

Erik van Straten on Nostr: A Firefox for iOS/iPadOS vulnerability that I reported months ago ...

A Firefox for iOS/iPadOS vulnerability that I reported months ago (https://infosec.exchange/@ErikvanStraten/113181487823109378) has finally been fixed in v131.2.

A thank you to Mozilla for fixing it; CVE-2024-10004 (https://www.mozilla.org/en-US/security/advisories/mfsa2024-54/) was assigned to this issue.

The vulnerability was that, under specific circumstances, Firefox would show a padlock without strikethrough for an http connection (see the images below).

To update Firefox for iOS/iPadOS, open https://apps.apple.com/app/firefox-private-safe-browser/id989804926; then double check that the Apple App Store app has opened, and that it is really the Firefox browser you're looking at (do not simply trust anyone, including me, who tells you to click on a link). Then tap the update button.

The update may also happen automatically, but that may take time.

npub1h74d7rkxxhpcr696e66xyfsuzmmdvzx6zu3ehnz28tnwgnrrmrtqy7z8hf (npub1h74…z8hf) npub1smvt66z9w0muq5pa0ws7qg3heg83eyhqj4qgx5m0kzh2l9k0nfzsem399s (npub1smv…399s)
#Firefox #iOSFirefox #CVE_2024_10004 #Vulnerability #Phishing



Author Public Key
npub1yzfshvmugq4nd4jhwve7hhwqzvvt7g9g23sharz5f5wdvg65r92qhql3r7