Security News

Firefox 77 and Tor Browser 9.5 were released this week with patches for a variety of vulnerabilities, including several rated high severity. Mozilla's browser arrived with a total of 8 security fixes, including 5 that address high severity issues.

A tweak to the next version of Mozilla Firefox should fix the longstanding problem of generating a password that exceeds the maximum length allowed by a website without being alerted that this has happened. Ultimately, it's the responsibility of websites, which impose limits on passwords without always stating what these are, coping with divergence using the blunt force of truncation.

Mozilla has released Firefox 76, which comes with critical security fixes and new features related to Firefox Lockwise, the browser's password manager/generator that's also available as a standalone app for iOS and Android. Just in time for this year's World Password Day, Mozilla has released new Firefox Lockwise features.

Firefox just published its latest now-every-fourth-Tuesday release, bringing numerous security fixes, including three denoted critical. CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8.

Mozilla this week released Firefox 76 to the stable channel with an updated password manager, alerts for breached passwords, and patches for 11 vulnerabilities. Starting with the new release, the browser aims to help users better keep their accounts secure and easily generate strong passwords, courtesy of the new Firefox Lockwise password manager.

Most people often still have only two email addresses, one for work and a personal address, and they are often sitting targets for spammers, scammers and nuisance emailers in the digital equivalent of 'we know where you live'. When a form requires your email address, click the relay button to give an alias instead. We will forward emails from the alias to your real inbox.

Mozilla on Thursday announced some changes to its Firefox bug bounty program, including bigger rewards and its decision to accept duplicate reports in some cases. The organization has been running a bug bounty program since 2004, and between 2017 and 2019 it paid out nearly $1 million for roughly 350 vulnerabilities.

Most of the low-severity bugs were insufficient policy enforcements too, complemented by several inappropriate implementations, uninitialized use in WebRTC, and use-after-free in V8. Google says it paid over $26,000 in bug bounty rewards to the reporting security researchers, but the company has yet to disclose the exact amount it awarded for all of the externally reported vulnerabilities. Mozilla, which revisited the previous decision to disable TLS 1.0 and 1.1 in its browser, this week pushed Firefox 75 to the stable channel, packing it with six security patches for the desktop, and two patches targeting vulnerabilities specific to the Android platform.

We'll refer to this one a Fourthytuesday instead, now that Firefox has reduced its update wavelength to four weeks to get important-but-not-zero-day-critical fixes out just that bit more frequently. If your automatic update hasn't happened yet, a manual check will let you "Jump the queue" and get the update a bit sooner.

This means that if you accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading your Twitter data archive or sending or receiving media via Direct Message, this information may have been stored in the browser's cache even after you logged out of Twitter. We started Firefox with a totally empty cache, browsed to twitter.com, and then grabbed a copy of the files Firefox had chosen to keep for later in its cache directory.