Can I get more info on why these are showing up? I've never seen such a thing on F-Droid before.
There was a critical vulnerability found in Firefox some days ago: CVE-2024-9680. Fennec and Mull are forks of Firefox. They both fixed this issue already in their source code, BUT there is a problem preventing F-Droid from building these updated, fixed versions.
In the case of Mull, you can download the updated version from the DivestOS F-Droid repository: https://divestos.org/fdroid/official/, but if you are currently using the F-Droid version you will need to uninstall it first, since they have different signatures.
The current version has a critical security vulnerability (https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/), but to fix it the new version is compiled against libclang version 27, but Google decided to remove it from Android, so the building pipeline needs to be adjusted.
There's a long discussion about building the newer version: https://gitlab.com/relan/fennecbuild/-/merge_requests/63
In the meantime the app is a security hazard.
There should really be push notifications around installed apps with known vulns... It's tracked here: https://forum.f-droid.org/t/vulnerability-warnings-in-f-droid-app/20505
Could someone with a GitLab account open a feature request on the F-Droid repo?
I tried to open an account but it required email + cell phone (it picked up my VoIP number) and a credit card....
EDIT: I generated an RSS feed based off of Mozilla's known vuln list. If anyone knows of a better way to do this, please let me know!
Are these two from the same maintainer? If not, considering that they both use Firefox Android as their base, does this mean there is a vulnerability in Firefox Android?
There was, and it was fixed by the looks of it. Guessing these apps have not urgently pulled the fixes in and released an update, so F-Droid is urging people not to use the apps until then.
You can download an updated version of Mull with the security vulnerability fixed, from the DivestOS F-Droid repository: https://divestos.org/fdroid/official/. If you currently have the F-Droid version of Mull installed you will need to uninstall it first.
It doesn't say anything like that in Droid-ify. I don't remember any recent reports of vulnerabilities either.