On Thu, Oct 10, 2024 at 11:19 AM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote: > I checked Koji and there seems no build in process to fix this 0-Day exploitation in firefix > > https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ > > The "News" about it is already out and exploited: > > Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. > > The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. > > "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla said in a Wednesday advisory. > > "We have had reports of this vulnerability being exploited in the wild." > > > Can one assist Martin and start the build process? > > I send Martin a message, in hope he read it earlier than the list / br ones. > > > From My POV: NoScript will negate the attack on untrusted websites. But ADs on trusted websites will be the most used way to exploit this. Don't Panic. https://src.fedoraproject.org/rpms/firefox lists 131.0-2 in all branches, https://koji.fedoraproject.org/koji/packageinfo?packageID=37 lists a dozen of 131.0-2 builds as well. Sent from a $ rpm -q firefox firefox-131.0-2.fc40.x86_64 -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue