Security News

Firefox's new feature automatically redirects from HTTP to HTTPS and should be considered a must-use for the security-minded. Now, here's the trick: A website might automatically direct your insecure call to the secure protocol, so HTTP automatically directs to HTTPS. When that happens, you're good to go.

When version 90 of Google's Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection in the event the user has failed to specify a preferred URI scheme. Chrome 90 will make HTTPS the default for first time website visits where no transport has been declared.

Mozilla today announced the release of Firefox 87 in the stable channel fitted with a new intelligent tracker blocking mechanism. Called SmartBlock, the feature works in Firefox Private Browsing and Strict Mode and is meant to improve users' browsing experience through fixing pages that Mozilla's tracking protections break.

Mozilla has announced that it will introduce a more privacy-focused default Referrer Policy to protect Firefox users' privacy, starting with the web browser's next version. Once updated, the web browser will automatically trim user-sensitive information like path and query string information accessible from the Referrer URL. This URL is sent together with the HTTP Referrer header between websites during subresources requests and navigating between sites by clicking on links.

Mozilla today started rolling out Firefox 86.0.1 to address a known bug causing the web browser to crash frequently when launched on Linux systems. While this issue came with a low crash rate on previous Firefox versions, Linux users have started seeing more and more crashes after updating to Firefox 86 last month.

Firefox Total Cookie Protection comprehensively partitions cookies and other site data between websites. Mozilla has added Total Cookie Protection to both the desktop and mobile versions of its browser, though the feature isn't enabled by default.

Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware. The Chinese state hackers also infected victims with the Scanbox malware reconnaissance framework, which allowed them to harvest their targets' data and log their keystrokes.

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said in an analysis.

A newly uncovered cyberattack is taking control of victims' Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. FriarFox gives cybercriminals various types of access to users' Gmail accounts and Firefox browser data.

The Mozilla Foundation has released its latest version of the Firefox browser, which comes with new privacy protections to squash cross-site cookie tracking, as well as a slew of security vulnerability fixes. "Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site," said Tim Huang, Johann Hofmann and Arthur Edelstein with Mozilla on Tuesday.