当サイトはユーザー体験を改善するためのメンテナンスを実施中に機能が制限される予定です。記事を読んでもあなたの問題が解決せず質問をしたい場合は、Twitter の @FirefoxSupport、Reddit の /r/firefox で、サポートコミュニティが皆さんを助けようと待機しています。

Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Apache Log4J Critical Vulnerability

more options

Good afternoon,

Is there an impact to the Mozilla Firefox application from the newly discovered Apache Log4J Critical Vulnerability (Log4J version 2.14.1 CVE-2021-44228)?

Can you please confirm if Mozilla Firefox is exposed to this vulnerability and if it is, then do you have an availability date of the patch to your codes?

Thanks, Milo

Good afternoon, Is there an impact to the Mozilla Firefox application from the newly discovered Apache Log4J Critical Vulnerability (Log4J version 2.14.1 CVE-2021-44228)? Can you please confirm if Mozilla Firefox is exposed to this vulnerability and if it is, then do you have an availability date of the patch to your codes? Thanks, Milo

すべての返信 (3)

more options

Hello,

I do not believe that this exploit was ever possible (except for java web applets), as Firefox is written in c++ (I believe there is rust in there too)

more options

This is about a specific Apache application that companies can run to log details about visitors on their servers. Firefox is a web browser and doesn't use this software, so unless you own a website that uses this Apache Log4J software then there is nothing to worry.

more options

Hi Milo, if you conduct a search for log4j in the Firefox source code on https://searchfox.org/mozilla-release/source/, you will find that Firefox uses a JavaScript module named log4js. Despite the name similarity, from what I read, it does not have the problematic features of the log4j Java program. Here's what I found:

Let me know if you discover anything concerning.