If, like me, you’ve relied on Fennec as a more tolerable version of Firefox for Android, you may have gotten some bad news in the latest F-droid update cycle.
Fennec has fallen so far behind on updates that serious security patches implemented by Mozilla in Firefox haven’t been applied to the fork, and Fennec is therefore still breachable.
The developer responded two weeks ago that they were “short on time”, and there still isn’t a new, secure version available. This appears to be due to that recurring weak link in open source development: small teams, confronted by real life demands like time and money?
Is there a way to transfer my browser profile on Android between Fennec and Firefox?
Firefox sync? You’ll get bookmarks at least
I’ve been using Fennec. Anyone got advice on what would be the best alternative? And please explain why.
Mull browser is also available on fdroid. It is an even better (secure) alternative to firefox as it uses some of tor architecture, from what I know.
There’s really no reason to go scrambling for an alternative, it’s a temporary problem.
Fdroid just posted https://floss.social/@fdroidorg/113384089915217604
Cool cool, glad to see I may have jumped the gun. But I had cause to try a couple other Firefoxes (Nightly Beta and Mull) in the meantime!
Now I’ll just be refreshing F-Droid every five minutes until the update comes through 😄
more tolerable version
It doesn’t even get updates. What are you on about? 😂
For those who want to install standard FF via Obtainium use this:
https://download.cdn.mozilla.net/pub/fenix/releases/
Then add intermediate links
- [0-9]+\.[0-9]+/$
- android/$
- fenix-[0-9]+\.[0-9]+-android-arm64-v8a/$
EDIT: based on https://github.com/ImranR98/Obtainium/issues/1625#issuecomment-2120736614
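As an added example (not part of the comment above and not Obtainium's code), this checks which link names the three intermediate-link filters accept at each directory level. The link names are constructed samples, and treating each filter as an unanchored regex search is an assumption about how the app applies it.

```python
import re

# The three intermediate-link filters from the comment, in the order given.
FILTERS = [
    r"[0-9]+\.[0-9]+/$",                          # release directory
    r"android/$",                                 # platform directory
    r"fenix-[0-9]+\.[0-9]+-android-arm64-v8a/$",  # per-ABI build directory
]

# Constructed link names for each level (not copied from the live index).
SAMPLE_LEVELS = [
    ["131.0/", "131.0.3/", "132.0b9/", "132.0/"],
    ["android/"],
    [
        "fenix-132.0-android-arm64-v8a/",
        "fenix-132.0-android-armeabi-v7a/",
        "fenix-131.0.3-android-arm64-v8a/",
        "fenix-132.0-android-x86_64/",
    ],
]


def matching_links(pattern, links):
    """Return the links accepted by an unanchored search (assumed matching mode)."""
    rx = re.compile(pattern)
    return [link for link in links if rx.search(link)]


def filter_levels(filters=FILTERS, levels=SAMPLE_LEVELS):
    """Apply the n-th filter to the n-th level of constructed link names."""
    return [matching_links(p, links) for p, links in zip(filters, levels)]


if __name__ == "__main__":
    for pattern, kept in zip(FILTERS, filter_levels()):
        print(f"{pattern:45} -> {kept}")
```

With these constructed names, the first filter keeps the three-part directory 131.0.3/ and skips the beta 132.0b9/, while the third filter keeps only the two-part arm64 build directory.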
If you want an up-to-date and lightweight Firefox fork, try Waterfox; that’s what I’m using right now.
Didn’t even know there was a Waterfox for android, good to know.
I have Mull installed 129.0.2 https://f-droid.org/repo/us.spotco.fennec_dos_21290220.apk
Should I uninstall?
Is there any way to export bookmarks from mull, so that I can uninstall it?
I used the Mozilla account sync thing that’s built in but it didn’t restore the extensions.
Bookmarks and passwords seem to have copied over to the DivestOS one though.
Honestly, just wait a little bit, both Fennec and Mull will get it sorted soon and you’ll see an update. If the vulnerability is worrying you that much, I’d honestly just download the standard Firefox APK for the time being and use it while waiting on Mull to update on fdroid. It likely won’t be more than a couple days.
There are newer builds sooner in the divestos repository https://divestos.org/pages/our_apps#repos
“It’s fine” (or will be), just donate & carry on.
What do you find not tolerable in standard Firefox and what did this browser do that made it better?
I know Firefox is rather memory heavy, but despite that it’s still my go-to browser, both for desktop and mobile.
I think this is beside the point here, but as it says in the F-droid description, their build “has proprietary bits and telemetry removed”.
Upstream Firefox doesn’t comply with FDroid’s rules (thanks to the ‘proprietary bits and telemetry’ Handles mentioned), so is only available from the Play Store or as a loose APK that won’t auto-update.
This reads like “they only sell hamburgers at the grocery store, and they don’t sell veggie burgers at the hippie food store because they aren’t vegan”
it’s also available from Mozilla’s repos and can be updated using Obtainium https://download.cdn.mozilla.net/pub/fenix/releases/
Cool.
But I’m not adding another method of updating apps just for the browser. F-Droid is where my non-play store apps live and update from, and I’d like to keep it that way.
I use Obtainium (available in F-Droid) alongside F-Droid since both have auto-updates
this is still tolerable to the old days of updating manually. Biggest upside is I can update Tubular/Newpipe faster via Obtainium while F-Droid’s build system takes days
A bit of backstory on how we got here - in June 2024 Mozilla chose to (a) integrate the source tree of Firefox Mobile into their huge monorepo (“gecko-dev”), and (b) move the source off of Github onto their own git servers (“Mozilla Central”). You can read about it in the now-archived old repo:
- https://github.com/mozilla-mobile/firefox-android
- https://github.com/mozilla-mobile/firefox-android/wiki#upcoming-migration-to-mozilla-central
This was then compounded by a core Android build kit (“NDK”) choosing to remove parts of the toolchain which is/was used to build Firefox releases (ergo, forcing another change to build process):
Together these have caused a bit of a kerfuffle in getting new releases compiled and released via the official F-Droid methodology. See the other comment about the Mull version in their private repo, they’re having to use a Mozilla pre-built clang (a compiler toolchain) now to make it work for the time being.
Thanks for the context! Much appreciated.
I got the same warning for Mull. Is the patching so extensive? I always thought they have a patchset for some of the shortcomings and just apply that onto the newest Firefox version… Or do they do a full code review on all of the changes?
Same, I just switched to mull. Use FFupdater