@rysiek @signalapp excellent analysis. Fully agree that this attack doesn't match the average user's threat model and great suggestion that the probe can be eliminated by disabling read notifications. I would add that this is more of a Cloudflare bug. They should fix this.
Last night, about 21 hours ago, Manfred Paul demonstrated a security exploit targeting Firefox 124 at pwn2own.
In response, we have just published Firefox 124.0.1 (and Firefox ESR 115.9.1) containing the security fix.
Please update your foxes! 🦊
Kudos to all the countless people postponing their sleep and working towards resolving this so quickly! Really impressive teamwork again. Also, kudos to Manfred for pwning Firefox again :)
TIL the #Firefox translations feature isn't only working for web pages. Head to `about:translations` to translate any text from your clipboard. Just like with web page translations, this is always done locally. None of the text leaves your device. Ever.
Annoyed that a website is doing something custom on right-click? Did you expect the browser's context menu (Back, Reload, Save Page As, View Source etc.)?
Just hold the ⇧Shift key while clicking and Firefox will show the built-in context menu.
**Last Chance to fix eIDAS: Secret EU law threatens Internet security:** New legislative articles, introduced in recent closed-door meetings and not yet public, envision that all web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments.
- EU Citizens, write to your Members of the European Parliament
- Experts, Researchers & Civil Society: Sign the open letter at https://eidas-open-letter.org
👨‍👩‍👧‍👦 Dad // 👨‍💻 Security Engineer & Manager for Mozilla Firefox // ⛺🚴 Cyclist // co-founded CTF team fluxfingers in '07. // opinions are my own and I do not speak for my employer.