Security News
Clickjacking, very simply put, is where an attacker lures you to a part of the screen that looks safe to click on, and tricks you into clicking your mouse or tapping your finger on the spot marked X. only to have your click sent to a component in the web page that you definitely wouldn't have clicked on if only you'd known where your click was really going. Serve up content as a lure, showing a button or something of that sort that you'd be likely to see and want to click on.
Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page. The ads popping in Firefox disable the web browser's functionality, denying users access to the interface and graying out everything in the background until they close them.
Mozilla has addressed issues causing Firefox to crash on macOS and to freeze with a non-responding blank window when starting on Windows 11 systems. According to the user who first reported the Windows freeze issue, the bug likely impacts Firefox users running Windows 11 who have also installed this month's KB5023706 cumulative update.
Mozilla has announced the integration of Firefox Relay, an email protection system that helps users evade trackers and spammers, directly into the Firefox browser. From now on, whenever a user browses a website that requests them to create an account, Firefox Relay will offer to generate a new email mask or use an existing one.
CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9. These bugs were shared between the current version and the ESR version, short for extended support release.
In today's digital age, cybersecurity and privacy have become major concerns for internet users. With the press of a button, DuckDuckGo Privacy Essentials offers seamless protection from most 3rd-party trackers while you search and browse, access to tracking protections for emails you receive, and much more.
Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software. The three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.
The highest severity level is High, which applies to seven different bugs, four of which are memory mismanagement flaws that could lead to a program crash, including CVE-2022-45407, which an attacker could exploit by loading a font file. Most bugs relating to font file usage are caused by the fact that font files are complex binary data structures, and there are many different file formats that products are expected to support.