Security News

Twitter informed users on Thursday that their personal information may have been exposed due to the way the Firefox web browser stores cached data. "We recently learned that the way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser's cache," Twitter explained.

If you used Firefox on a shared PC to, for example, send or receive media in private Twitter messages, or download an archive of your profile that contained non-public information, be aware this data was inadvertently cached on the computer. Twitter did not specify what exactly caused private data to collect in the browser cache, though it appears a HTTP header was not used as expected, causing Firefox to retain media files and downloaded data for up to seven days.

Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat actor in attacks aimed at China and Japan. Both vulnerabilities were exploited in attacks before patches were released.

If you make use of the Firefox Multi-Container Account add-on, it now includes the ability to sync your customizations across your Firefox account. I've covered the installation and setup of this app in my post, How to use the Firefox Multi-Account Containers extension.

Converting websites from HTTP to HTTPS over the last decade must count as one of the most successful quiet security upgrades ever to affect web browsing. There are some HTTPS security caveats worth mentioning, but before getting to them we'll start with the news that that Mozilla's Firefox will, from May's version 76, offer the option to browse in an HTTPS-only mode.

Firefox Extended Support Release will continue to have FTP turned on by default in ESR version 78. A part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past.

Mozilla is getting ready to remove support for the File Transfer Protocol from the Firefox web browser due to security concerns. The Internet giant aims to completely remove support for FTP in Chrome 82.

Firefox has decided it's time to burn the browser's FTP connections. Platform list, developer Michal Novotny announced "We plan to remove FTP protocol implementation from our code."

Just a month after shipping version 73 of its Firefox browser, Mozilla has released version 74 with a range of privacy and security enhancements. Firefox 74 fixes the problem by using multicast DNS with ICE to create a random ID that cloaks a computer's IP address.

With TLS 1.0 and TLS 1.1 considered vulnerable to various types of attacks, including BEAST, CRIME and POODLE, the Internet organization last month announced plans to disable them in its popular browser and allow only connections made using TLS 1.2 and TLS 1.3. An override button on the error page will provide users with the option to fallback to TLS 1.0 or TLS 1.1.