this post was submitted on 25 Oct 2024
219 points (99.1% liked)

F-Droid

8069 readers
27 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 3 years ago
MODERATORS
 

Can I get more info on why these are showing up? I've never seen such a thing on F-Droid before.

you are viewing a single comment's thread
view the rest of the comments
[–] Quintus@lemmy.ml 21 points 4 days ago (2 children)

Are these two from the same maintainer? If not, considering that they both use Firefox Android as their base, does this mean there is a vulnerability in Firefox Android?

[–] Piwix@lemm.ee 36 points 4 days ago (1 children)

There was and it was fixed by the looks of it. Guessing these apps have not urgently pulled the fixes in and released an update, so F-droid is urging people not to use the apps until so

[–] WhyJiffie@sh.itjust.works 10 points 4 days ago

they pulled the fixes, but couldn't build because google fucked up the NDK. my other comment has more details

[–] kitnaht@lemmy.world 21 points 4 days ago* (last edited 4 days ago) (1 children)

Yes, there was a remote code execution vulnerability in the CSS engine of firefox a little while ago. If you're on desktop version 131 or lower, update to 131.0.3 when possible. I don't know how the versioning works for the Android versions here...

[–] Redjard@lemmy.dbzer0.com 11 points 4 days ago (1 children)

173? What happened to firefox versions? We just started the 130s

[–] kitnaht@lemmy.world 13 points 4 days ago* (last edited 4 days ago) (1 children)

shit, woops. I've got memory issues, my bad. Let me fix that rq. Thanks for catching it.

https://nvd.nist.gov/vuln/detail/CVE-2024-9680

[–] Redjard@lemmy.dbzer0.com 9 points 4 days ago

Yeah that seems about right.

I don't know how the versioning works for the Android versions here...

Android has the same versions as desktop here, which is why there is no differentiation. The main chunk of firefox is platform independent (and even used in thunderbird too).

So any firefox android app and fork thereof needs that version 131.0.3+ too (unless it is esr which is 128 currently).