Can I get more info on why these are showing up? I’ve never seen such a thing on F-Droid before.
I would like to, but unfortunately I’m not experienced enough to do something like this.
You hit “create community”
It takes little time but shouldn’t be that crazy
The current version has a critical security vulnerability (https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/) but to fix it the new version compiled against libclang version 27 but Google decided to remove it from Android so the building pipeline needs to be adjusted.
There’s a long discussion: https://gitlab.com/relan/fennecbuild/-/merge_requests/63 , about building the newer version
In the meanwhile the app is a security hazard.
Uninstalling my primary browser isn’t really a practical solution, what am I supposed to use, Chrome? How about fixing the version they’re shipping? Or should I be looking somewhere other than F-Droid for Android Firefox?
Or should I be looking somewhere other than F-Droid for Android Firefox?
FFUpdater, on F-Droid, manages updates for Firefox and other browsers. I counted nine variations of Firefox or forks of Firefox. As well as eight variations of Chromium based browsers that aren’t Chrome. So that’s 17 options.
Iceraven is a Mozilla based standin.
Can install FFUpdater here:
https://f-droid.org/packages/de.marmaro.krt.ffupdater/
and then select it from there.
I changed to the Divest-repo for Mull, and they have an updated version that has fixed these security issues.
ETA: Different signing keys though, so you can’t just update it, but have to reinstall.
You add https://divestos.org/apks/official/fdroid/repo/ as a repo in F-Droid settings. After that you can choose which repo to prefer for Mull.
Theyre the distributor, the dont fix apps and its not their job to do so. Getting the same app from a different source wont change anything
huh? no one’s asking them to fix firefox, we’re asking that they just ship the latest version.
the warning states that several vulnerabilities have been fixed since firefox version 130, f-droid’s latest version of the package is 129: that very much makes it sound like the problem is wholly caused by f-droid not making version 130 available.
There should really be push notifications around installed apps with known vulns… Its tracked here: https://forum.f-droid.org/t/vulnerability-warnings-in-f-droid-app/20505
Could someone with a gitlab account open a feature request on the f droid repo?
I tried to open an account but it required email + cell phone (it picked up my VoIP number) and a credit card…
EDIT: I generated an RSS feed based off of Mozilla’s known vuln list. If anyone knows of a better way to do this, please let me know!
There was a critical vulnerability found on Firefox some days ago: CVE-2024-9680. Fennec and Mull are forks of Firefox. They both fixed this issue already in their source code, BUT there is a problem preventing F-Droid from building these updated, fixed versions.
In the case of Mull, you can download the updated version from the DivestOS F-Droid repository: https://divestos.org/fdroid/official/, but if you are currently using the F-Droid version you will need to uninstall it first, since they have different signatures.