[loopdoend]

Fixed many months ago just being made public now, according to the bug tracker. Why a 7 month delay?

[okasaki]

"Fixed in Firefox 131.0.2" which was released 21 hours ago? (https://ftp.mozilla.org/pub/firefox/releases/131.0.2/)

[jokoon]

Because if you make it public too early, it gives some time for attackers to write exploit to target unpatched versions.

Firefox is used in other projects, so the patch needs to spread, and time is needed.

[hannob]

What are you talking about?

The fix was released today, and FF says they received the report 25 hours before that: https://infosec.exchange/@attackanddefense/11328207943028074...

[Brybry]

I didn't get the ESR 128.3.1 update until yesterday.

[pixelesque]

Why the need for patch releases then like 128.3.1?

[suprjami]

128 is the current ESR: https://whattrainisitnow.com/calendar/

[gpvos]

Citation needed.