Security News

Firefox hits 100*, fixes bugs… but no new zero-days this month
2022-05-03 18:42

At its current release rate of once every four weeks, Firefox has just over 23 years to go to equal Lara's quadruple century, and almost 30 years to reach 502*. No trouble at the version number mill. Back in February 2022, a few mainstream sites didn't seem to realise that 100 was greater than 99, presumably because they were hard-coded to use only the first two characters of the version number, millennium bug style, thus turning the text 100 either into the number 10, or into the number zero.

Firefox 99 is out – no major bugs, but update anyway!
2022-04-05 20:21

The once-every-four-weeks security update to Mozilla's Firefox browser officially arrived today. The regular version of Firefox is now 99.0, while the Extended Support Release, which gets security fixes without any feature updates, is now 91.8.0 ESR. Add together the first two numbers in the ESR release triplet and you should get the same value as the first number in the regular release.

Mozilla Firefox removes Russian search providers over misinformation concerns
2022-03-15 00:29

Mozilla has removed the Yandex Search, Mail.ru, and OK.ru default search providers from the Firefox browser over reports of state-sponsored content favored in search results. Since 2014, Mozilla has made Yandex the default search engine in Russia, and the following year made it the default search for users in Turkey.

CISA: Patch actively exploited Firefox zero-days until March 21st
2022-03-08 09:39

The Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies to patch, within the next two weeks, two critical Firefox security vulnerabilities exploited in attacks. According to a binding operational directive issued in November, Federal Civilian Executive Branch agencies are now required to secure their systems against these vulnerabilities, with CISA giving them until March 21st to apply patches.

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
2022-03-07 19:33

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations parameter processing and the WebGPU inter-process communication Framework.

Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
2022-03-07 16:19

Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days. The first bug addressed by Mozilla, CVE-2022-26485, is a use-after-free problem in the browser's XSLT parameter processing.

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)
2022-03-07 10:46

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities exploited by attackers in the wild. CVE-2022-26485 affects XSLT parameter processing and can be used to achieve remote code execution within the context of the application.

Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs
2022-03-06 19:23

Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks. As Mozilla's security advisory explains, the Firefox developers are aware of "reports of attacks in the wild" actively exploiting these vulnerabilities.

Firefox patches two actively exploited 0-day holes: update now!
2022-03-05 19:06

Mozilla has published Firefox 97.0.2, an "out-of-band" update that closes two bugs that are officially listed as critical. Access to the details of the bugs is still restricted to Mozilla insiders, presumably to make it harder for attackers to get at the technical details of how to exploit these security holes.