On Sat, 3 Dec 2022 21:33:21 +0100 Manfred Hollstein <mhollstein@t-online.de> wrote:
On Sat, 03 Dec 2022, 21:14:13 +0100, Larry Len Rainey wrote:
The US Cert team has advised bank of a zero day exploit on Firefox below 107. So all login attempts are blocked for Firefox less than 107.
The code from the Cert team does not provide for esr versions.
The problem is Windows machines have been compromised - not man Linux machines have. Best I can tell is a "rust based malware" can be installed on versions prior to 107. Firefox and Thunderbird 107 prevent the "rust based malware" from running.
Please ask them where they get the Thunderbird 107 version from:
http://archive.mozilla.org/pub/thunderbird/releases/
There is none, just beta versions...
That is what the bank told me yesterday when I called about the no login for 102.5esr version.
Err, I just created an account on mail.com using FF102.5 ESR and used it happily, so there doesn't seem to be any problem there. Perhaps you have some different problem? Also my bank happily lets me log in using FF102.5 and even earlier browsers, so I think the problem is overstated.
There is a 107.1 version of Firefox in the meantime, maybe that version has a fix for the zero day exploit, while 102.5esr does not even need it because it does not have the features added after Firefox 103?
Larry
HTH, cheers.
l8er manfred