Mozilla patches two use-after-free vulnerabilities (ab)used in the wild

My Mull builds for Android had this update out &lt;6 hours after. <a href="https:&#x2F;&#x2F;divestos.org&#x2F;misc&#x2F;ffa-dates.txt" rel="nofollow">https:&#x2F;&#x2F;divestos.org&#x2F;misc&#x2F;ffa-dates.txt</a><p>Fennec F-Droid should be updated by Wednesday or so. <a href="https:&#x2F;&#x2F;gitlab.com&#x2F;fdroid&#x2F;fdroiddata&#x2F;-&#x2F;merge_requests&#x2F;10706" rel="nofollow">https:&#x2F;&#x2F;gitlab.com&#x2F;fdroid&#x2F;fdroiddata&#x2F;-&#x2F;merge_requests&#x2F;10706</a>

I use Firefox on Ubuntu and Android. I love Firefox more than Chromium-based browsers. But security is the one thing that makes me think of switching.<p>Two minor things that prevent me from switching to Chromium-based browsers:<p>1. There is no addon functionality on Android for Chromium-based browsers. For example, I can add the uBlock addon on Firefox for Android but not Chrome for Android.<p>2. There is no option to place the address bar at the bottom of the screen for one-handed usage, as in Firefox Android.

What happened to rewriting the browser engine in Rust? Isn&#x27;t the language supposed to prevent this sort of bugs?

Is there a way to disable XSLT in Firefox?

I’m curious why the second bug is labeled critical. WebGPU is still disabled isn’t it?

Proactive security: patching vulnerabilities after they are (ab)used in the wild.

So open the bugs are not viewable.