Security News

Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced. This means the ISP, which has joined Moz's Trusted Recursive Resolver Program, will perform domain-name-to-IP-address lookups for subscribers using Firefox via encrypted HTTPS channels.

Cisco's Talos threat intelligence and research group has released information on a recently addressed vulnerability in Firefox that could be exploited for code execution. Cisco Talos on Wednesday published technical details on the security flaw, explaining that successful exploitation could lead to remote code execution.

Mozilla has emitted security updates for Firefox to address eight CVE-listed security flaws, five of them considered to be high-risk vulnerabilities. Of the five high-risk flaws, three are confirmed to allow arbitrary code execution, which in the case of a web browser means that simply loading up a malicious page could lead to malware running on your machine.

We couldn't believe it either - it's four weeks since Firefox's last regular security update. If you want to check your version numbers, Firefox 76.0 is now replaced by 77.0; Firefox 68.8.0ESR is now 68.9.0ESR, and the Tor Browser, based on Firefox ESR, is now at version 9.5 and based on 68.9.0ESR. As we've explained before but we'll mention again because it's useful to know, the first two numbers in the ESR version should add up to the leftmost number in the regular release.

Firefox 77 and Tor Browser 9.5 were released this week with patches for a variety of vulnerabilities, including several rated high severity. Mozilla's browser arrived with a total of 8 security fixes, including 5 that address high severity issues.

A tweak to the next version of Mozilla Firefox should fix the longstanding problem of generating a password that exceeds the maximum length allowed by a website without being alerted that this has happened. Ultimately, it's the responsibility of websites, which impose limits on passwords without always stating what these are, coping with divergence using the blunt force of truncation.

Mozilla has released Firefox 76, which comes with critical security fixes and new features related to Firefox Lockwise, the browser's password manager/generator that's also available as a standalone app for iOS and Android. Just in time for this year's World Password Day, Mozilla has released new Firefox Lockwise features.

Firefox just published its latest now-every-fourth-Tuesday release, bringing numerous security fixes, including three denoted critical. CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8.

Mozilla this week released Firefox 76 to the stable channel with an updated password manager, alerts for breached passwords, and patches for 11 vulnerabilities. Starting with the new release, the browser aims to help users better keep their accounts secure and easily generate strong passwords, courtesy of the new Firefox Lockwise password manager.

Most people often still have only two email addresses, one for work and a personal address, and they are often sitting targets for spammers, scammers and nuisance emailers in the digital equivalent of 'we know where you live'. When a form requires your email address, click the relay button to give an alias instead. We will forward emails from the alias to your real inbox.