Security News
On Thursday Microsoft warned that there's an ongoing campaign to distribute malware that modifies web browsers to conduct credential theft and ad fraud. Since at least May, 2020, unidentified cybercriminals have been distributing a family of browser modifiers dubbed Adrozek, Microsoft said.
Two information disclosure vulnerabilities recently identified in the Chrome, Edge, and Firefox web browsers may be exploited to obtain information on applications on the system, Fortinet reports. The bugs impact Protocol Handlers, which are related to a mechanism that allows apps to register their own URI schemes used for process execution.
"In light of the very high availability of HTTPS, we believe that it is time to let our users choose to always use HTTPS. That's why we have created HTTPS-Only Mode, which ensures that Firefox doesn't make any insecure connections without your permission," Mozilla says. Once HTTPS-Only Mode has been enabled, Firefox will attempt to always establish a fully secure connection to the visited website, and even if the user clicks on an HTTP link or manually enters it, the browser will still use HTTPS instead. The new feature can be enabled from the "Preferences" menu, in the "Privacy & Security" section.
A crafty person could have slurped every single cookie from a Firefox-using Android device by tricking a user into looking at a specially crafted HTML file. So found infosec researcher Pedro Oliveira, who discovered a vulnerability in the way Firefox handled local files through content:// URIs that allowed him to remotely retrieve copies of all cookies saved on the device - giving him access to a reasonable estimate of the websites viewed by the device's user.
Mozilla Firefox 83 was released today with a new feature called 'HTTPS-Only Mode' that secures your browsing sessions by rewriting URLs to secure HTTPS versions. Windows, Mac, and Linux desktop users can upgrade to Firefox 83 by going to Options -> Help -> About Firefox.
For Intermediate CA Preloading, Mozilla enumerates all of the intermediate CA certificates in the trusted Web PKI, with the relevant ones available through the multi-browser Common CA Database reporting mechanisms. "As a result of Mozilla's leadership in the CA community, each CA in Mozilla's Root Store Policy is required to disclose these intermediate CA certificates" to the CCADB, the browser maker explains.
Mozilla and Google have already patched the critical Firefox and Chrome vulnerabilities exploited recently by white hat hackers at a competition in China. The flaw was fixed with the release of Firefox 82.0.3, Firefox ESR 78.4.1 and Thunderbird 78.4.2 just a couple of days after it was disclosed at the 2020 Tianfu Cup International PWN Contest, which took place over the past weekend in China.
Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have been pwned on this year's contest," the event organizers said.
Mozilla today started rolling out Firefox 82.0.1, a new version that fixes a known bug where the Windows installer displays unnecessary reboot prompts on some systems after it finishes the installation. "This would affect anyone running a full installer[.], provided they have at least one other Firefox installation in a directory other than the one that they just installed into," Mozilla engineer Molly Howell explained on the company's bug tracker.