Security News

Mozilla published a support document with a quick fix for a widely reported known issue causing Twitter not to load on the Firefox web browser. According to a bug Mozilla has been tracking and working on fixing for the last 20 days, some users might see blank pages or errors when trying to visit the social network's website, with some reports also saying that the issue also affects mobile users.

Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3, including several that could be exploited to run arbitrary code. Firefox ESR is a Firefox version that's based on an official release for desktop, for use by organizations who need extended support for mass deployments.

A vulnerability in Firefox for Android paves the way for an attackers to launch websites on a victim's phone, with no user interaction. "Instead of providing the location of an XML file describing a UPnP device, an attacker can run a malicious SSDP server that responds with a specially crafted message pointing to an Android intent URI. Then, that intent will be invoked by the Firefox application itself."

A vulnerability identified in Firefox for Android could have been exploited to remotely open arbitrary websites on a targeted user's phone without the need to click on links, install malicious applications, or conduct man-in-the-middle attacks. The flaw was discovered by researcher Chris Moberly in version 68 of Firefox for Android.

Mozilla is decommissioning Firefox Send and Firefox Notes, two legacy services that emerged out of the Firefox Test Pilot program. Firefox Send, the browser maker reveals, is being discontinued because it has been abused for delivering malware and phishing attacks.

Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. Discovered originally by Australian security researcher Chris Moberly, the vulnerability resides in the SSDP engine of the browser that can be exploited by an attacker to target Android smartphones connected to the same Wi-Fi network as the attacker, with Firefox app installed.

Mozilla announced on Thursday that it has expanded its bug bounty program with a new category that focuses on bypass methods for the exploit mitigations, security features and defense-in-depth measures in Firefox. Mozilla says mitigation bypasses have until now been classified as low- or moderate-severity issues, but they are now eligible for a reward associated with a high-severity flaw as part of the new Exploit Mitigation Bug Bounty.

Mozilla has announced a new Firefox protection feature to stymie a new user tracking technique lately employed by online advertisers: redirect tracking. By implementing anti-fingerprinting protections, an anti tracking policy, Enhanced Tracking Protection blocking trackers, cross-site and third-party tracking cookies, Mozilla has, slowly but surely, been enhancing Firefox tracking protections for years.

Well, 28 July 2020 is a Blue Firefox Update event - the second major security fix of the month, given that Mozilla now uses an every-four-weeks-on-Tuesday rhythm, and Firefox 78.0 came out on the first day of the month. Microsoft and Adobe follow a process of "Once each month on the second Tuesday"; Oracle has a system than delivers "Four times a year on the Tuesday closest to the 17th day of the first month of each calendar quarter", and Apple favours the "When security fixes are ready they arrive, and we deliberately don't say exactly when for security reasons" approach.

You upload the file to a file sharing site, optionally setting various options that describe which other users can see it, and for how long, and then send the recipient an email that contains a download link where they can fetch the file at their leisure. Which is why we are occasional but enthusiastic users of Firefox Send, a free service from Mozilla that aims to let you share large files easily, but without the worry of what gets left behind and forgotten about.