Posting due to a Security Risk involving some SSL/TLS choices involving PKCS7: the decoder is at risk.
Regards
N97
FireFox 128.7 115.20 esr & Firefox 135 update
FireFox 128.7 115.20 esr & Firefox 135 update
Last edited by bigpup on Wed Mar 05, 2025 5:28 am, edited 1 time in total.
Reason: removed abbreviations and provided complete full name
Reason: removed abbreviations and provided complete full name
From Netscape to AI scrape. We're running short of bandages.
Re: FF128.7 115.20 esr & FF135 update
Today, March 4th FireFox announced these security updates...
MFSA 2025-16 Security Vulnerabilities fixed in Firefox ESR 128.8 CRITICAL
MFSA 2025-15 Security Vulnerabilities fixed in Firefox ESR 115.21 CRITICAL
MFSA 2025-14 Security Vulnerabilities fixed in Firefox 136 HIGH
Due to 'CRITICAL' (highest risk: no interaction needed) Update Recommended
N97
From Netscape to AI scrape. We're running short of bandages.
Re: FF128.7 115.20 esr & FF135 update
I have recinded the most recent (Mar. 4th) recommendation to update... Some websites will BREAK the SSL/TLS authentication, and some will not verify as human.
Make a copy of the firefox, and .mozilla folders OFF the distro, in case of failure(s) then update. Revert to the copies if failure(s) occur.
Regards
N97
From Netscape to AI scrape. We're running short of bandages.
Re: FireFox 128.8esr update
With help from bugzilla.mozilla.org I have found the culprit to the broken tests/security-lapse.
In about:config use search term alpn
The setting was FALSE in my set-up.
It must revert to TRUE (default setting).
Upgrade to 128.8.0esr recommended after the repair.
But still... the ONLY thing altered was the update... the false setting worked 128.7
and I ignored the suspect alpn setting. Possibly a memory-safety bugfix that usually is not detailed.
From Netscape to AI scrape. We're running short of bandages.