Compromised packages of Firefox-based browsers—Firefox, LibreWolf, and Zen—were detected in the Arch User Repository, necessitating immediate removal and reinstallation. Affected packages, appearing on July 16, included librewolf-fix-bin, firefox-patch-bin, and zen-browser-patched-bin, which contained a Remote Access Trojan. The packages were identified and removed less than two days later. Users are advised to check their systems and take necessary security measures, although technical expertise may be required to ensure machines remain uncompromised. Arch Linux has a notable user base, especially among gamers, partly due to its use in Valve's SteamOS 3.
The Arch Linux maintainers issued a security warning regarding compromised packages of Firefox-based browsers in the AUR, urging immediate removal and reinstallation.
Three browsers were affected by compromised packages on July 16, containing a Remote Access Trojan (RAT) and were subsequently removed from the repository.
Collection
[
|
...
]