Comment

Comment on Zen browser had a backdoor enabled by default

<- View Parent

michaelmrose@lemmy.world ⁨1⁩ ⁨week⁩ ago

Librewolf is firefox with different settings how does it not already benefit from Firefox’s security team

source

Sort:hotnew top

priapus@sh.itjust.works ⁨1⁩ ⁨week⁩ ago
It does, but less than Firefox does. Their lack of manpower means delayed updates to fix zero days compared to Firefox. It also means less eyes on any patches introduced, so I’d be more concerned about malicious code being introduced.

source
- michaelmrose@lemmy.world ⁨1⁩ ⁨week⁩ ago
  
  Their lack of manpower means delayed updates to fix zero days compared to Firefox
  
  From their site:
  
  LibreWolf is always built from the latest Firefox stable source, for up-to-date security and features along with stability.
  
  As soon as firefox pushes a release, for instance to fix a security vulnerability, librewolf can immediately rebuild It is literally just firefox with different setting. Delay between firefox release and librewolf release should be negligible. You can verify this by noting that 136.0 was offered on the same day.
  
  codeberg.org/…/2b90daeb5aa5a80443f4f7655393f610fb…
  
  www.mozilla.org/en-US/firefox/…/releasenotes/
  
  The difference in time between firefox and librewolf security updates is less than the variance between users updating their machines.
  
  source
  - priapus@sh.itjust.works ⁨1⁩ ⁨week⁩ ago
    I’m not saying Librewolf is insecure, I’m saying its less secure. They generally do a good job keeping up to date, but there can be delays if an update conflicts with their changes.
    
    Librewolf is not just a Firefox config. You can look at the repo and see a number of patches. Without a paid security team to review these patches with every update, it is less secure.
    
    I’m not saying not to use Librewolf, the likelihood of a zero day specifically targeting it and effecting a significant number of users is very unlikely.
    
    source