Glad to be of use!

Absolutely no problem, happy if you liked it!

The issue had been made public only on July 25. The point of sharing the bug isn’t notifying users to patch their browsers but to inform browser vulnerability researchers of a valuable data point.

It was an ITW 0-day at the moment of reporting and has probably retained the issue header from back then which I had copied.

A bunch of other Foxit vulns here: https://talosintelligence.com/vulnerability_reports

Popped up on my Twitter feed somewhere

deleted by creator

deleted by creator

Well, the malicious actors can setup their own instances as well and exploit the inherent trust between the participants by design. P2P sold as security property in the scenario where participants are unknown and multiple in numbers is misconception. It does not square well with basic security mindfulness, and shouldn’t be taken as improvement in that regard.

I think that federation and all this stuff is not about improving security, it is a form of grassroots communication based on certain principles. If you need security, you use other tools, and treat these things as public, hostile spaces.