Security News

Converting websites from HTTP to HTTPS over the last decade must count as one of the most successful quiet security upgrades ever to affect web browsing. There are some HTTPS security caveats worth mentioning, but before getting to them we'll start with the news that that Mozilla's Firefox will, from May's version 76, offer the option to browse in an HTTPS-only mode.

Firefox Extended Support Release will continue to have FTP turned on by default in ESR version 78. A part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past.

Mozilla is getting ready to remove support for the File Transfer Protocol from the Firefox web browser due to security concerns. The Internet giant aims to completely remove support for FTP in Chrome 82.

Firefox has decided it's time to burn the browser's FTP connections. Platform list, developer Michal Novotny announced "We plan to remove FTP protocol implementation from our code."

Just a month after shipping version 73 of its Firefox browser, Mozilla has released version 74 with a range of privacy and security enhancements. Firefox 74 fixes the problem by using multicast DNS with ICE to create a random ID that cloaks a computer's IP address.

With TLS 1.0 and TLS 1.1 considered vulnerable to various types of attacks, including BEAST, CRIME and POODLE, the Internet organization last month announced plans to disable them in its popular browser and allow only connections made using TLS 1.2 and TLS 1.3. An override button on the error page will provide users with the option to fallback to TLS 1.0 or TLS 1.1.

Five high-severity bugs were fixed in the Firefox web browser with the release of version 74 by the Mozilla Foundation on Tuesday. In total, 12 bugs were patched with six rated as moderate severity and one low-severity bug.

Mozilla has said it plans to make a privacy technology called DNS-over-HTTPS the default setting for US users of Firefox within weeks. Although not a perfect shield against DNS snooping, DoH makes that a lot harder.

A group of researchers has built a sandbox framework that can improve the security of Firefox by isolating third-party libraries used by the browser. Similar to other major browsers, Firefox relies on third-party libraries to render content - such as audio, video, and images - and these libraries often introduce additional vulnerabilities, researchers from the University of California San Diego, University of Texas at Austin, Stanford University and Mozilla say.

Mozilla has started rolling out encrypted DNS-over-HTTPS by default for its Firefox users in the United States. DoH provides increased security for Internet users, the DoH protocol ensures that DNS queries and DNS responses are sent and received over HTTP using TLS. Mozilla has been working on bringing DoH to Firefox since 2017, and tens of thousands were already using the protocol in September 2019, when it revealed plans to roll out DoH to Firefox users in the U.S., in fallback mode.