Firefox 72.0.1 and FF ESR 68.4.1 available, fixing a critical security vulnerability exploited in targeted attacks:
– Mozilla: "We are aware of targeted attacks in the wild abusing this flaw."
– This updates the recently released Firefox 72.0 and FF ESR 68.4.0.
– There will be a Tor Browser update (9.0.4) and likely a Tails OS update soon.
There was a discussion regarding this on forum.f-droid.org in 2016/2017. However, we can't find it anymore. Maybe it is still there. Some people argued that unmaintained apps will be moved to the F-Droid Archive repo, so they aren't directly available for most users. Obviously, there are still outdated apps provided by F-Droid.
@maximpistos @infosechandbook @fdroidorg we can mark apps or single versions with the KnownVulnerabiltity antifeature. Users will get a notification the next time they update their package index if they have such an app installed. But even for that we need help from more people. It's hard to know if one of the 2.5k apps is outdated when none of the existing maintainers is even using it.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!