RomCom exploits Firefox and Windows zero days in the wild

elphinstone · 2024-11-28T03:36:57 1732765017

Good on Mozilla for the rapid response.

galangalalgol · 2024-11-28T02:00:58 1732759258

Another use after free... I'm on board with cisa on this one. If you add new code to a sw project in c or c++ that should be a solid case for negligence when your customers sue for losses.

throw16180339 · 2024-11-28T04:13:36 1732767216

Please let us know when Rust has an AIX, i/OS, z/OS, Nonstop OS, OpenVMS, or Stratus VOS target.

tux3 · 2024-11-28T04:17:28 1732767448

The headline is about Firefox on Windows for a good reason: that's where the regular users are.

If you want Rust on Nonstop, a niche proprietary platform, your large financial company is welcome to invest in it.

lmm · 2024-11-28T04:56:30 1732769790

> AIX, i/OS, z/OS, Nonstop OS, OpenVMS, or Stratus VOS

A list of which Firefox runs on precisely none.

oguz-ismail · 2024-11-28T02:58:23 1732762703

> I'm on board

and who are you?

do_not_redeem · 2024-11-28T03:19:56 1732763996

His name is galangalalgol. Fashionable, visionary leader of the rust evangelism strike force. And don't you forget it.

(Read in the voice of Tribore Menendez)

ClassyJacket · 2024-11-28T04:08:44 1732766924

I exaggerate alot but even by my standards this is ridiculous hyperbole. Rust just isn't supported on alot of platforms and libraries.

dmitrygr · 2024-11-28T02:18:56 1732760336

> If you add new code to a sw project in c or c++ that should be a solid case for negligence when your customers sue for losses.

Sure, as long as you are ok being similarly sued next time you install or use windows, macos, or linux on some box you administer. Those are all written in C. I guess you're OS-less until you write one in something safe. Ditto for web browsers and bootloaders.

lmm · 2024-11-28T05:00:36 1732770036

> next time you install or use windows, macos, or linux on some box you administer.

I don't administer other people's boxes, I provide them with programs written in safe languages (as a bootable unikernel if they want). If they choose to run them on a buggy OS that's on them.

galangalalgol · 2024-11-28T02:41:15 1732761675

Wasn't the first cut at windows me written in c#, maybe we can start there. The servo browser on redox isn't even completely free of c I think.

throw16180339 · 2024-11-28T04:22:36 1732767756

I think you're thinking of Windows Longhorn (https://en.wikipedia.org/wiki/Development_of_Windows_Vista#M...). They used managed code and ended up partially scrapping it to restart development on top of Windows Server 2003.

smitelli · 2024-11-28T03:27:42 1732764462

Windows ME was just Win98SE in an ugly sweater. Mostly C/C++ with some assembly peppered in.

xahrepap · 2024-11-28T03:52:05 1732765925

Maybe you’re thinking of this?

https://en.m.wikipedia.org/wiki/Singularity_(operating_syste...

qskousen · 2024-11-28T02:46:09 1732761969

Windows ME was the worst Windows though.

edm0nd · 2024-11-28T03:43:50 1732765430

Hard agree.

Windows 98SE SP2 was the best

do_not_redeem · 2024-11-28T03:51:42 1732765902

Vista was the worst in my book. And Vista was actually the real turning point when C# started to infect Windows.

gpm · 2024-11-28T02:53:54 1732762434

Servo relies on firefox's JS runtime spidermonkey, written in C++.

ekr____ · 2024-11-28T03:12:33 1732763553

Moreover, a significant fraction of JS vulnerabilities are logic errors in the JIT, so even if the JIT itself is memory safe, that doesn't make the resulting code free of vulnerabilities.

njtransit · 2024-11-28T02:44:51 1732761891

It’s not negligent it use an unsafe OS if no safer options exist. It is negligent to use an unsafe language when safe alternatives exist.

gigel82 · 2024-11-28T03:09:41 1732763381

Visual programming like Scratch is safer than Rust so it's negligent if we don't all use Scratch next.

Also, everyone should pee sitting down by law because some are known to pee to on their pants otherwise.

/s