Firefox Zero-day (CVE-2024-9680) #227
Comments
We will update as quickly as possible, but the disclosed vulnerabilities do not immediately put your device at risk.
It's been 1 month
Update: It's been confirmed it is being exploited in the wild.
So...
Oct 11, 'as quick as possible'. December 9...
Hello, after three months the urge to get the latest version is slowly rising.
I'm still waiting; for now I temporarily use Firefox mainline
Latest update to my system purged this from existence as it should
FYI Arch repos are now just a redirect to plain firefox due to this
^ This is the way 👌
The developers of these projects have a noticeable tendency to release updates at a very slow pace. For instance, the Thorium project took an extremely long time to resolve an issue related to profiles, which then came back again and they took an extremely long time to resolve it again. It seems that their definition of releasing updates "as quickly as possible" differs significantly from what users with common sense might expect. I use both Thorium and Mercury on a daily basis, and I'm finding myself frustrated with their unreliability and with how many CVEs they might have due to the extremely long timespan between updates. This is not just slow updates, this is extremely slow updates. I am seriously considering making a switch to Firefox for both my Windows and Linux systems. Firefox has consistently proven to be much much more dependable and timely with updates. This is just from a user's perspective and I do not intend to offend anyone. To clarify even further, I don't believe rebasing should be considered an issue in this context. We are dealing with a critical CVE with a severity score of 9.8 that requires -> immediate <- attention. The assertion that it was being addressed "as quickly as possible" only led to confusion. Additionally, the fact that Arch repositories now redirect to regular Firefox when you try to install Mercury should be significant to you.
While developers' efforts are appreciated, please consider officially discontinuing this project because of the difficulty of keeping it up to date. Efforts could then be concentrated on Thorium. Old binaries should also be taken offline to guard against known and yet to be discovered vulnerabilities. This would be in the best interest of users.
Agreed, this project should be taken down, it's dangerous
Can someone do something? I mean a pull request or something to help the dev? I mean, it's kind of a shame if this project was closed/taken down, and although I want to do it, I don't have any idea how to do such a thing
I just switched to Firefox Nightly, I really can't be bothered waiting anymore for a massively dangerous CVE to be solved. Also uninstalled Thorium just in case.
Still no updates? Are you alive?
old mate got sucked into a vortex of doom
Recently Firefox patched the CVE-2024-9680 zero-day in the following versions:
Currently Mercury is based on Firefox 192.0.02, which means it's vulnerable. My suggestion, due to low update activity, is to switch to Firefox's ESR release due to its slower but more stable release cycle, which also reduces the need for you to update Mercury; if not, at least update the browser to the latest Firefox version with the vulnerabilities patched, because according to Mozilla the vulnerability is already being exploited.