So I went to update my apps and was greeted with these warnings in FDroid. A quick and basic search online and in various communities yielded no news regarding a major compromise in Fennec and Mull, does anyone know more about this or have you seen any news regarding a vulnerability? Curious if this is a false positive or if there is something going on with firefox forks.
Mull was fixed in the DivestOS repository as early as October 17th, but to do this you need to add to F-Droid and reinstall Mull.
Or you can install directly from Divest via FFupdater, or from their github (I use Obtainium for that).
It is the recent use after free vuln actively exploited found in FF, which both Fennec and Mull relies as upstream. This compounds on changes made to Android NDK and the source of FF move into the monorepo, making them harder to build. Hence, they’re still vulnerable to the attack.
found in Fx*
the source of Fx*