Time to drop Firefox 52ESR, and...

According to
https://nakedsecurity.sophos.com/202...fox-right-now/
, wild attack is going on, so act as soon as possible.
Related bug is Bug 1607443, but it seems so critical that the content is
not open for public.

Firefox 52ESR users on WinXP could switch to roytam's browser seamlessly:
https://msfn.org/board/topic/180462-...omment=1176055

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA

Lu Wei wrote:
According to
https://nakedsecurity.sophos.com/202...fox-right-now/
, wild attack is going on, so act as soon as possible.
Related bug is Bug 1607443, but it seems so critical that the content is
not open for public.

Firefox 52ESR users on WinXP could switch to roytam's browser seamlessly:
https://msfn.org/board/topic/180462-...omment=1176055

But it says in the Sophos article, you can switch off the JIT settings
in about:config and continue using the browser.

about:config in the address bar

javascript.options.ion false

And that should stop the bypassing DEP behavior.

That's if a user even has DEP turned on.
Which would be a separate article.

By turning on DEP, software with a flat tire would be
stopped from running, and an error would appear on the screen.
An example of a dialog is shown here.

https://www.bleepingcomputer.com/for...-dep-prevents/

DEP is not a side-effect free technology. If you turn it on,
you'll hate it after a while.

The protection features are "gradual". This is an example.

WinXP: DEP: yes
ASLR: no

Vista: DEP: yes
ASLR: yes, but broken on one of x86 ox x64 (more research required)

Win7+: DEP: yes
ASLR: yes

Paul

On 2020-1-17 18:02, Paul wrote:

But it says in the Sophos article, you can switch off the JIT settings
in about:config and continue using the browser.

Â*Â*Â*Â* about:config in the address bar

Â*Â*Â*Â*Â*Â*Â* javascript.options.ionÂ*Â*Â* false


Yes, but it will have performance penalty, although I don't know how much.

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA