this post was submitted on 29 Oct 2024
98 points (96.2% liked)

Privacy


So I went to update my apps and was greeted with these warnings in FDroid. A quick and basic search online and in various communities yielded no news regarding a major compromise in Fennec and Mull. Does anyone know more about this, or have you seen any news regarding a vulnerability? Curious if this is a false positive or if there is something going on with Firefox forks.

top 21 comments
[–] kenbw2@lemmy.world 14 points 10 hours ago

It's still waiting on a repackaging effort

https://gitlab.com/relan/fennecbuild/-/merge_requests/63

Looks like the latest hurdle is that Firefox is relying on some Google-specific variables being present, which fails on AOSP

[–] fireshell@lemmy.ml 42 points 14 hours ago* (last edited 14 hours ago) (3 children)

Mull was fixed in the DivestOS repository as early as October 17th, but to do this you need to add it to F-Droid and reinstall Mull.

[–] jjlinux@lemmy.ml 8 points 12 hours ago (1 children)

Or you can install directly from Divest via FFupdater, or from their GitHub (I use Obtainium for that).

[–] PunkiBas@lemmy.world 4 points 11 hours ago (2 children)

How do you use obtainium to download from their repo? I'm trying but can't seem to make it work.

[–] superglue@lemmy.dbzer0.com 1 points 2 hours ago

When you go to add the repo in Obtainium, in the overrides section choose Fdroid Third party repo. Then in the app name field type mull.

[–] jjlinux@lemmy.ml 2 points 5 hours ago* (last edited 5 hours ago)

I apologize. I didn't see that my Obtainium was actually pulling from the fdroid repo. I was able to add it to Obtainium from the Divest repo: https://divestos.org/fdroid/official/us.spotco.fennec_dos_21320020.apk

But I really doubt that it will trigger updates, since it's tied to the current version apk.

I update my browsers and K9 via FFupdater, that's where my confusion came from. And I thank you for calling me out, I just removed Mull from my Obtainium.

[–] TWeaK@lemm.ee 5 points 14 hours ago

Ah phew, was wondering why I hadn't even had the notification.

[–] thebigslime@lemmy.world 0 points 8 hours ago (1 children)

I get an incompatibility error after adding their repo to FDroid.

[–] archy@lemmy.world 6 points 7 hours ago (1 children)

Signatures are different. Uninstall old FDroid version first

[–] thebigslime@lemmy.world 1 points 2 hours ago

Thanks! Trying that now.

[–] umami_wasbi@lemmy.ml 22 points 14 hours ago* (last edited 14 hours ago) (1 children)

It is the recent actively exploited use-after-free vuln found in FF, which both Fennec and Mull rely on as upstream. This compounds on changes made to the Android NDK and the source of FF moving into the monorepo, making them harder to build. Hence, they're still vulnerable to the attack.

[–] apostrofail@lemmy.world -3 points 11 hours ago

found in Fx*

the source of Fx*

[–] CrazyLikeGollum@lemmy.world 14 points 13 hours ago (1 children)

Mull at least has been fixed in the divestOS repo. I can't speak to fennec as I don't use it.

The version in the f-droid main repo is behind because of Mozilla changing their repo system thus screwing with the build process and at least for now currently requiring a compiler that doesn't meet F-Droid's (IMO slightly ridiculous) standards for allowable software.

[–] lemmeBe@sh.itjust.works 3 points 11 hours ago

Thanks! Added their repo and reinstalled. Secure again. 😎

[–] merde@sh.itjust.works 11 points 14 hours ago* (last edited 14 hours ago)

https://lemmy.ml/post/21783142

2 of the last 5 posts on !fdroid@lemmy.ml are on this

[–] mariusafa@lemmy.sdf.org 9 points 14 hours ago

Mull from divestos repo works fine! Use FFupdater to install it or link the fdroid repo to your fdroid

[–] slurp@programming.dev 9 points 14 hours ago

Mull is fine if you use the divestos repo directly, but the f-droid version is behind

[–] Jean_le_Flambeur@discuss.tchncs.de 6 points 14 hours ago* (last edited 14 hours ago) (1 children)

Had the same, promptly uninstalled, didn't find info.

[–] lol@discuss.tchncs.de 3 points 13 hours ago (1 children)

You could also just disable it if you want to keep your settings, addons etc.

True, but the config settings should be good from the get-go, that's the reason the app exists after all, and uBlock and NoScript are installed fast. But thanks for the tip :)

[–] paf@jlai.lu 2 points 14 hours ago

Haven't read so can't tell you but you will find info at https://leminal.space/post/11699480