We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее

how do I check if I was affected by latest security bug

  • 4 ответа
  • 2 имеют эту проблему
  • 3 просмотра
  • Последний ответ от Happy112

more options

I have been using firefox 48.0.2 while the latest security threat came into news. Now I have updated already, but how can I make sure that nothing happened during the period while I was using older version of firefox? I do use noscript addons.

I have been using firefox 48.0.2 while the latest security threat came into news. Now I have updated already, but how can I make sure that nothing happened during the period while I was using older version of firefox? I do use noscript addons.

Выбранное решение

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications.

for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...

Прочитайте этот ответ в контексте 👍 0

Все ответы (4)

more options

Hi &nsp; !

As long as you haven't downloaded or clicked on anything suspicious,   like fake updates,  you have nothing to worry about.
You're apparantly on the alert for these kind of things:   good for you   !

more options

Выбранное решение

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications.

for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...

more options

Happy112 said

Hi &nsp; !
As long as you haven't downloaded or clicked on anything suspicious,   like fake updates,  you have nothing to worry about.
You're apparantly on the alert for these kind of things:   good for you   !

philipp said

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications. for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...


Thank you.

more options

androdebugur said

Thank you.

That is so sweet and highly appreciated   !