alt Hacker NewsLooks like someone archived the page of firefox-patch-bin[1] and the only thing that stands out about the package itself is that it's supposedly the "Extended Support Release." Besides that it looks like it's depended on by 183 other packages/metapackages. While that seems more interesting, there isn't an archive of all of those packages.
[1]https://web.archive.org/web/20250718140411/https://aur.archl...
Replies
mzajc • yesterday at 7:23 PM
I saw the ESR part - I assumed the author (mistakenly?) copied firefox-esr's description. As for the dependents, it seems the malware package provided `firefox`, meaning all dependencies on `firefox` can instead be fulfilled by `firefox-patch-bin`. Perhaps the idea was to fool package managers into showing it as one of the alternatives.
These 183 packages depend on "firefox", and the malicious firefox-patch-bin had a provides=( 'firefox' ) clause in it. That's why they all get listed on that page. The provides clause is useful when you have multiple packages for the same thing with different names, for example -bin and -git versions.