MITM attack in Firefox (68.01 ESR up to Nightly)

Bugzilla:
bugzilla.mozilla.org/show_bug.cgi?id=1569395

OP = fag

did you even look into this bug?

>shows up in private mode
>doesn't show up in normal mode
????????

Did you?

Lol, I filed the bug Jim.

are you in private mode? press ctrl + shift + p.

It's here. Mozilla Firefox is hijacking encryption in private mode. Mozilla disables all your extensions on their site mozilla.org so they can track you with google analytics, and now this...
Stop using shit from Mozilla.

FUD

So many lies. I bet you use chrome.

Name a better alternative

Brave.

dissenter
cryptofag botnet

>better
lel

On addons.mozilla.org/ uBlock Origin will show you nothing. When you then View Page Source and search for "analytics", there is a Google Analytics script loaded, but the content blocker can't see it because Mozilla disabled all addons on their site.

There's none, we are fucked

it's common knowledge that ubo only hides shits, they are actually loaded in your browser

>not using icecat

Then other blockers are the same, let's try it

i use adguard
works like a charm on all websites
also give it permission to run on incognito

Botnet
>ideologically themed browser
No, it's just the alternatives are pretty shit

>>ideologically themed browser
gab/dissenter said that they removed all the telemetry that they found inside the browser... and that's when the brave devs went berserk on them.
They said that they started only to remove the logos and the rest of the shit but they stumbled upon a lot of parts of the browser that grabbed the users' activity and that's why it took them more time to release it.
finally, neither gab nor dissenter are "safe". they have blocking of some scripts but that's it. you are still visible via 3rd party and 1st party trackers and all of the google results and youtube links contain tracking links

Adguard collects and sells your browsing info. Do you think that a 40-person team makes money with premium services for one dollar?

citation needed

github.com/gorhill/uBlock/wiki/Privileged-Pages

Put these in your hosts file

extensions.webextensions.restrictedDomains => ""
privacy.resistFingerprinting.block_mozAddonManager => true

I don't show any trackers and all my addons still work. You said they disable all addons...

try this:

>yet another bug introduced by trannies into a bad timeline when Firefox is no longer the old-&-reliable Firefox but some Quantum rebranded shit with less features
Version 52 ESR does _not_ have this problem.

How does that deny the fact that it is ideologically themed?

You're just retarded. You can still block domains and apply filters when no-oping.

> Status: UNCONFIRMED
why would you lie on the internet, of all places?

You can but nothing will happen without

>site can't run its botnet software
>says you're being man-in-the-middled because it can't botnet you
>having security is a FLAW

bug does not appear in private mode or normal in esr 60.x.x .. no wonder it's unconfirmed and been like this for hours. how do you fail this fucking hard?

I'm saying all my addons still work. That other user claimed they don't.

Did you read my last comment?

Based

can anyone confirm this bug?
please?

Idiot. The elements that would normally contain ads are hidden with CSS and subsequent requests to known ad, tracking, and malware domains are blocked.

Waterfox. It's firefox's good side minus mozilla's tranny insanity.

You have no fucking idea what you're talking about. Even faggotty Chrome stopped that nonsense. adblockers have BOTH element hiding rules that hide/collapse garbage AND network filter rules that prevent access. You can't block a first party CSS modal with a network filter and you can't block a remote script with an element hiding rule, both are required features.

>still using firefox after extension butchering

It's still the best

lynx

SiteShoter by NirSoft

In terms of Security:
Chrome > Firefox

That's debatable when you properly configure them.

No it's not you dumb fuck. Firefox objectively has a worse sandbox than chrome. It's even worse on linux and flat out non-existent on android. Nothing about this is "debatable".

any proofs or it's just your belief?

grapheneos.org/usage#web-browsing
Guy's an autist but as an actual security researcher with a focus on browsers/OS, knows his stuff.
It's also common knowledge that firefox has been working on revamping and improving their sandbox for a good while now under Project Fission.

That's not up-to-date. Sandboxing in firefox has improved a lot.

>That's not up to date
Lmao, any proofs or it's just your belief?
Firefox' sandbox is shittier than that of chrome, why is that so difficult to accept? They've been working on it (painfully slowly) but it's simply not done. Go on, check the bug ticket for Project Fission yourself, surely you're not too dumb to do even that little. The android thing is also an absolute joke.

So, what's the solution?
Use Chrome to spy on ourselves?

I'm not saying either of you are right or wrong, but he does bring up a fair reason to be skeptical, don't you agree?

they are open source github.com/AdguardTeam/AdguardBrowserExtension
but yes, I have my doubt on them. Right now I trust them but it may change

>Guy's an autist
so I can't take him seriously

>britain
Carry on.

Wtf is that swoosh logo? Jow Forums made it?

Has anyone fully read and understood the code to the point where they can determine whether or not Adguard can be trusted with your data? I do know that Adguard collects your data, but there's a tickbox that lets you disable it, but does it really?

It sucks. I have switched to chrome again and it works better.

curl
>he doesn't know how to read html

Not my experience. And I would rather not use a browser made by a company whose business model is collecting and monetizing user data. If you're going to use chromium at least don't use chrome.

Not happening on my machine. Closing the ticket.

You have nothing to hide, goy.

ublock doesn't hide it from showing in the view-source/inspect element area, it just blocks it from showing/running on the page. when I visit that site, ublock has a (1), did you install abp by mistake or something? you ARE using a privacy-oriented user.js, right?
>mitm.watch/
this site says that mitm is "likely" whenever i have the following option enabled in my user.js. in order to figure out whether you're being mitm'd, they probably have to use SSL session IDs in some way.
// Disable SSL session tracking
// From ghack's user.js (github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js):
// SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. Since the ID is unique, web servers can (and do) use it for
// tracking. If set to true, this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking
// Security information: blog.filippo.io/we-need-to-talk-about-session-tickets/
user_pref("security.ssl.disable_session_identifiers", true); // Hidden preference

>bugzilla.mozilla.org/show_bug.cgi?id=1569395
>jhalderm.com/pub/papers/interception-ndss17.pdf
Just from skimming the paper's abstract, doesn't the fact that the warning only comes up in private mode imply that it's a false positive?

It's not a bug you fucking retard:
>See also caddyserver.com/docs/mitm-detection, which seems to be the original implementation. On my systems it says "MITM unlikely" in normal browsing and "MITM likely" in private windows, just like your URL.

>It's not very clear how the detection is working. I noticed that using a VPN / DNS blocker makes it fail at times. In any case, there's no actual MITM happening, the test is probably very sensitive to something network-related.

wow it's fucking nothing

Of course FF sandbox is worse. Chrome is backed by Google. FF is backed by separatists and open societies.

Good thing I use gentoo which only uses the safe and secure firefox version

shilling?

you are hacked

This isn't even a browser bug. That page detects MITM by checking if your connection behaves in the expected way based on your user agent. In incognito mode, Firefox blocks some shit in order to prevent tracking, that's why it gets flagged. Change your user agent or enable some anti-tracking features in about:config and you will get the "Likely MITM" in normal mode too.
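
The check described in the post above (and in the earlier post about `security.ssl.disable_session_identifiers`), as an added Python example that is not part of the thread and is not code from mitm.watch or Caddy. The expected-extension profile and both ClientHello extension lists are constructed for illustration, and it assumes a client with session tickets disabled omits the session_ticket extension.

```python
# Added illustration: User-Agent vs. TLS ClientHello consistency heuristic.
# Extension numbers are the IANA-registered TLS ExtensionType values.
STATUS_REQUEST, SUPPORTED_GROUPS, EC_POINT_FORMATS = 5, 10, 11
SIGNATURE_ALGORITHMS, ALPN, EXTENDED_MASTER_SECRET = 13, 16, 23
SESSION_TICKET, RENEGOTIATION_INFO = 35, 65281

# Assumed profile (constructed): extensions the server expects, in this
# relative order, from a client whose User-Agent claims to be Firefox.
EXPECTED = {
    "firefox": [EXTENDED_MASTER_SECRET, RENEGOTIATION_INFO, SUPPORTED_GROUPS,
                EC_POINT_FORMATS, SESSION_TICKET, ALPN, STATUS_REQUEST,
                SIGNATURE_ALGORITHMS],
}

def claimed_browser(user_agent):
    """Tiny UA classifier covering only what this example needs."""
    return "firefox" if "firefox/" in user_agent.lower() else None

def is_ordered_subsequence(required, observed):
    """True if every required item appears in observed, in the same order."""
    it = iter(observed)
    return all(ext in it for ext in required)  # 'in' advances the iterator

def verdict(user_agent, hello_extensions):
    """Compare what the UA claims with what the handshake actually sent."""
    browser = claimed_browser(user_agent)
    if browser is None:
        return "unknown"  # no profile to compare against
    if is_ordered_subsequence(EXPECTED[browser], hello_extensions):
        return "MITM unlikely"
    return "MITM likely"

def missing_extensions(user_agent, hello_extensions):
    """Expected extensions absent from the handshake: the reason for a flag."""
    profile = EXPECTED.get(claimed_browser(user_agent), [])
    return [e for e in profile if e not in hello_extensions]

# Constructed sample inputs, not captured traffic.
UA = "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
NORMAL_HELLO = [0, 23, 65281, 10, 11, 35, 16, 5, 51, 43, 13, 45, 28]
NO_TICKET_HELLO = [e for e in NORMAL_HELLO if e != SESSION_TICKET]

if __name__ == "__main__":
    for name, hello in [("default", NORMAL_HELLO),
                        ("session tickets off", NO_TICKET_HELLO)]:
        print(name, "->", verdict(UA, hello), missing_extensions(UA, hello))
```

A genuine browser that changes its own handshake trips the same mismatch as an intercepting proxy, which is why a "likely" verdict from this kind of check is a hint and not proof of interception.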

That's not true. Mozilla only prevents addons from working inside the about:* pages, which has the annoying side effect of allowing Google Analytics in the "install new addons" section of about:addons, which can be avoided by enabling Do Not Track.

>trusting Gab fags
You just went full retarded user.

Pale Moon, Ungoogled Chromium, Iridium.
Just as bad as Chrome. The only difference is that while both brave and chrome collect and keep data profiles on you, Chrome will share them with others while Brave wont. But the fact that the profile exists at all is what's really damning.

Read again:
github.com/gorhill/uBlock/wiki/Privileged-Pages

>have to log in and give permission to a "bug fix" a bug that involved removing Yandex for english users in Russia
Why?
That bug makes little sense at all. That bug also becomes a concern when you have to accept permissions to even see it.

CIA niggers?

Attached: 2019-07-29 Firefox ESR 68.0.1 update russian bug 1565315 yandex missing.png (2064x1232, 243K)

>still bitching even though 99 % of addons were already ported to WebExtensions
>still wants an addon system that has unlimited access to the network, can access any file in your system and execute any program or script it wants to
Wew.

bump

Seems like a forced "bug." Nothing changes the fact that Bugzilla is garbage. If Mozilla moved the whole project to github and let anyone contribute, Firefox would be on another level now

bump

Faggot samefag. It's not a bug, and you're retarded.

IQ 21 confirmed

I'm using waterfox 56.2.12

I can't reproduce the issue, whether in a normal window or even in private mode.

Wasn't Pale Moon pozzed unbeknownst to anybody for several years?

>gimp + heal tool
Thinking anyone here wouldn't notice.

Interesting. Still seems to be going back and forth about cause.
>fucking dumbest generation immediately jumps all over this like it's some major fucking thing
Dear fucking kids:
Bugs happen all the time, get over it.
Security is a process, not a product.
If shit needs to be fixed, I'm extremely confident Firefox will fucking fix it fast.
The problems that actually DO need to be ridiculed and be concerned with are software that CONSTANTLY have MAJOR security flaws that are very slow to be resolved. So... Windows.
This is a non-issue. Just a potential bug that's been noticed, being looked into, and will be fixed quickly if needed.
Dumbest Generation strikes again.