搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

how do I check if I was affected by latest security bug

  • 4 回覆
  • 2 有這個問題
  • 3 次檢視
  • 最近回覆由 Happy112

more options

I have been using firefox 48.0.2 while the latest security threat came into news. Now I have updated already, but how can I make sure that nothing happened during the period while I was using older version of firefox? I do use noscript addons.

I have been using firefox 48.0.2 while the latest security threat came into news. Now I have updated already, but how can I make sure that nothing happened during the period while I was using older version of firefox? I do use noscript addons.

被選擇的解決方法

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications.

for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...

從原來的回覆中察看解決方案 👍 0

所有回覆 (4)

more options

Hi &nsp; !

As long as you haven't downloaded or clicked on anything suspicious,   like fake updates,  you have nothing to worry about.
You're apparantly on the alert for these kind of things:   good for you   !

more options

選擇的解決方法

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications.

for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...

more options

Happy112 said

Hi &nsp; !
As long as you haven't downloaded or clicked on anything suspicious,   like fake updates,  you have nothing to worry about.
You're apparantly on the alert for these kind of things:   good for you   !

philipp said

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications. for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...


Thank you.

more options

androdebugur said

Thank you.

That is so sweet and highly appreciated   !