Critical Firefox Vulnerability Discovered

[Vistaar]

A critical vulnerability in Firefox was announced by Mozilla on January 8, 2020, and fixed in Firefox 72.0.1. Did this vulnerability also exist in Firefox ESR 52, which some Windows Vista diehards are probably still using? According to Moonchild (developer of Pale Moon and Basilisk), "Also note that if you are still on Firefox ESR-52 for legacy extension use, you are at risk..."

VistaLover of MSFN has suggested changing javascript.options.ion from true to false in about:config as a mitigation.

 

[stvpls]

i agree with you that may be unsecure but i think that 52 is the last good version because of the design wich i like more than the modern one wich i don't, also it does have one problem, for some reason it does use tons of ram just for a simple web page, thats why i use opera 36 and ie 9 with tls 1.1 and 1.2 enabled instead of that ram eater

 

[wither 3]

I use both but use FF most of the time. When I use the Performance Monitor and check memory usage with Opera open and one webpage open, the usage is about 54%. I close Opera and open the same page in FF, the usage is about 55% so I don't know why you mention the "tons of RAM." With both browsers closed, memory usage is about 47%. However, this is off subject for this thread.

I haven't experienced any security issues with either browser.

 

[stvpls]

I use both but use FF most of the time. When I use the Performance Monitor and check memory usage with Opera open and one webpage open, the usage is about 54%. I close Opera and open the same page in FF, the usage is about 55% so I don't know why you mention the "tons of RAM." With both browsers closed, memory usage is about 47%. However, this is off subject for this thread.

I haven't experienced any security issues with either browser.

i mean ff uses like 300mb just to get the homepage, i have cookie editor for old youtube layout and adblock on both
just look at how much just for the damn home
the same happens on my xp/win 7 computers

 

[Vistaar]

i agree with you that may be unsecure but i think that 52 is the last good version because of the design wich i like more than the modern one...

Firefox ESR 52.9.0 was of course the last version that supported Windows Vista and XP, so it doesn't really matter what we think about Firefox Quantum (which I assume you have used on Windows 7). There is an old sticky thread What browser do you use? that might be more suitable for discussion of your personal browser preferences. The purpose of my original post was to alert Vista diehards to an unpatched vulnerability that was already being exploited in the wild a month ago. (OT, but I don't think a fork of Chromium 49 that hasn't been patched since August 2016 can be regarded as secure either.)