Security News

Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates
2024-08-01 12:28

Mozilla is following in Google Chrome's footsteps in officially distrusting Entrust as a root certificate authority following what it says was a protracted period of compliance failures. Entrust has apologized to Google, Mozilla, and the wider web community, outlining its plans to regain the trust of browsers, but these appear to be unsatisfactory to both Google and Mozilla.

Mozilla Firefox can now secure access to passwords with device credentials
2024-06-14 20:19

Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, PIN, or other biometrics. To be clear, this new feature does not protect against information-stealing malware but rather prevents people with physical or remote access to the device from using the stored credentials without first authenticating with the device.

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
2024-05-21 10:22

A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS...

Google rolls back reCaptcha update to fix Firefox issues
2024-05-03 17:07

Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. Yesterday, BleepingComputer received multiple reports that reCaptcha stopped working in the latest version of Mozilla Firefox, with the issues also reported on Twitter and Reddit.

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon
2024-03-25 15:00

Users may have to upgrade twice to protect their browsers. Mozilla has swiftly patched a pair of critical Firefox zero-days after a researcher debuted them at a Vancouver cybersec competition.…

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
2024-03-22 17:45

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Mozilla fixed the security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1 to block potential remote code execution attacks targeting unpatched web browsers on desktop devices.

Google Search bug shows blank page in Firefox for Android
2024-01-09 14:48

Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site. A report of the issue on GitHub confirms that the problem is reproducible on Firefox Mobile 121.0 for Android 13, and additional tests indicate the same behavior on Firefox Nightly 123 and all versions starting v65.

Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack
2023-09-29 19:12

Google and Mozilla have patched a zero-day exploit in Chrome and Firefox, respectively. The zero-day exploit could leave users open to a heap buffer overflow, through which attackers could inject malicious code.

Zero-Day Security Vulnerability Found in Chrome, Firefox and Other Browsers
2023-09-14 18:58

Updates are now available to patch a Chrome vulnerability that would allow attackers to run malicious code. It's time to update Google Chrome, Mozilla's Firefox or Thunderbird, Microsoft Edge, the Brave browser or Tor Browser; web development news site StackDiary has reported a zero-day vulnerability in all six browsers that could allow threat actors to execute malicious code.

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
2023-09-13 01:50

Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when processing a specially crafted image.