Security News

Mozilla has announced a new Firefox protection feature to stymie a new user tracking technique lately employed by online advertisers: redirect tracking. By implementing anti-fingerprinting protections, an anti tracking policy, Enhanced Tracking Protection blocking trackers, cross-site and third-party tracking cookies, Mozilla has, slowly but surely, been enhancing Firefox tracking protections for years.

Well, 28 July 2020 is a Blue Firefox Update event - the second major security fix of the month, given that Mozilla now uses an every-four-weeks-on-Tuesday rhythm, and Firefox 78.0 came out on the first day of the month. Microsoft and Adobe follow a process of "Once each month on the second Tuesday"; Oracle has a system than delivers "Four times a year on the Tuesday closest to the 17th day of the first month of each calendar quarter", and Apple favours the "When security fixes are ready they arrive, and we deliberately don't say exactly when for security reasons" approach.

You upload the file to a file sharing site, optionally setting various options that describe which other users can see it, and for how long, and then send the recipient an email that contains a download link where they can fetch the file at their leisure. Which is why we are occasional but enthusiastic users of Firefox Send, a free service from Mozilla that aims to let you share large files easily, but without the worry of what gets left behind and forgotten about.

Cisco's Talos threat intelligence and research group this week disclosed the details of recently patched vulnerabilities affecting the Chrome and Firefox web browsers. The Chrome flaw, tracked as CVE-2020-6463 and classified as high severity with a CVSS score of 8.8, was patched by Google in April with the release of Chrome 81.0.4044.122.

ESR is short for Extended Support Release, often preferred by IT departments because it gets security fixes at the same rate as the regular version, but only takes on new features in a staggered fashion - in other words, users of the ESR versions are shielded from sudden switches in appearance, user interface and workflow. Firefox 78 no longer supports TLS 1.0 or TLS 1.1, which are older versions of the TLS security protocol that is now de rigueur for web servers.

From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats. "Connections to TLS servers violating these new requirements will fail," Apple warned in its official note.

Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced. This means the ISP, which has joined Moz's Trusted Recursive Resolver Program, will perform domain-name-to-IP-address lookups for subscribers using Firefox via encrypted HTTPS channels.

Cisco's Talos threat intelligence and research group has released information on a recently addressed vulnerability in Firefox that could be exploited for code execution. Cisco Talos on Wednesday published technical details on the security flaw, explaining that successful exploitation could lead to remote code execution.

Mozilla has emitted security updates for Firefox to address eight CVE-listed security flaws, five of them considered to be high-risk vulnerabilities. Of the five high-risk flaws, three are confirmed to allow arbitrary code execution, which in the case of a web browser means that simply loading up a malicious page could lead to malware running on your machine.

We couldn't believe it either - it's four weeks since Firefox's last regular security update. If you want to check your version numbers, Firefox 76.0 is now replaced by 77.0; Firefox 68.8.0ESR is now 68.9.0ESR, and the Tor Browser, based on Firefox ESR, is now at version 9.5 and based on 68.9.0ESR. As we've explained before but we'll mention again because it's useful to know, the first two numbers in the ESR version should add up to the leftmost number in the regular release.