Security News

If you make use of the Firefox Multi-Container Account add-on, it now includes the ability to sync your customizations across your Firefox account.

Mozilla has released security updates for its Firefox browser in conjunction with a US Cybersecurity and Infrastructure Security Agency advisory warning that critical vulnerabilities in the browser are being actively exploited. To address these flaws, Firefox was updated to version 74.0.1 and Firefox Extended Support Release - a slower evolving version for enterprises - was updated to 68.6.1.

Mozilla has released critical security updates for Firefox and Firefox ESR on Friday, patching two vulnerabilities that are being actively exploited by attackers. Update ASAP. Home users and enterprise admins are advised to implement the provided updates as soon as possible.

Mozilla has released updates for its Firefox web browser to patch two critical use-after-free vulnerabilities that have been exploited in attacks. Both flaws have been addressed with the release of Firefox 74.0.1 and Firefox ESR 68.6.1.

Mozilla just pushed out an update for its Firefox browser to patch a security hole that was already being exploited in the wild. Given that the bug needed patching in both the latest and the ESR versions, we can assume either that the vulnerability has been in the Firefox codebase at least since version 68 first appeared, which was back in July 2019, or that it was introduced as a side effect of a security fix that came out after version 68.0 showed up.0, so the ESR is popular with IT departments who want to avoid frequent feature updates that might require changes in company workflow, but don't want to lag behind on security patches.

Mozilla patched two Firefox browser zero-day vulnerabilities actively being exploited in the wild. Both bugs have critical ratings and allow remote attackers to execute arbitrary code or trigger crashes on machines running versions of Firefox prior to 74.0.1 and its business-friendly Firefox Extended Support Release 68.6.1.

Twitter informed users on Thursday that their personal information may have been exposed due to the way the Firefox web browser stores cached data. "We recently learned that the way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser's cache," Twitter explained.

If you used Firefox on a shared PC to, for example, send or receive media in private Twitter messages, or download an archive of your profile that contained non-public information, be aware this data was inadvertently cached on the computer. Twitter did not specify what exactly caused private data to collect in the browser cache, though it appears a HTTP header was not used as expected, causing Firefox to retain media files and downloaded data for up to seven days.

Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat actor in attacks aimed at China and Japan. Both vulnerabilities were exploited in attacks before patches were released.

If you make use of the Firefox Multi-Container Account add-on, it now includes the ability to sync your customizations across your Firefox account. I've covered the installation and setup of this app in my post, How to use the Firefox Multi-Account Containers extension.