Security News

Mozilla's Firefox Focus web browser can now protect Android users against cross-site tracking while browsing the Internet by preventing cookies from being used for advertising and monitoring your activity. "We're bringing it to Firefox Focus on Android, our simple, privacy by default companion app. Firefox Focus on Android will be the first Firefox mobile browser to have Total Cookie Protection," Mozilla said today.

Specifically, the error code 'MOZILLA PKIX ERROR OCSP RESPONSE FOR CERT MISSING' and the message "The OCSP response does not include a status for the certificate being verified," help trace down the cause of the issue. The Online Certificate Status Protocol is a way for browsers and other client-side applications to check if an SSL certificate has been revoked, as an alternative to relying on traditional revocation lists.

The latest version of Firefox is now available and includes an important step forward for web browser security. Firefox, the little browser that could, continues chugging along.

Today's a Firefox Tuesday, when the latest version of Mozilla's browser comes out, complete with all the security updates that have been merged into the product since the previous release. Note that on Linux and some Unixen, Firefox might be delivered as part of your distro, so check there for the latest version if Firefox doesn't offer to update itself.

Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "Accidental defects as well as supply-chain attacks." All major browsers are designed to run web content in their own sandboxed environment as a means to counter malicious sites from exploiting a browser vulnerability to compromise the underlying operating system.

Two years ago, we wrote about the fact that incautious software developers had uploaded hundreds of thousands of private access control keys, entirely unintentionally, along with source code files that they did intend to make public. Blindly packaging all these files into an archive for uploading to your favourite public repository seems pretty harmless, given that all the files in the lua account are supposed to be public.

Thousands of Firefox cookie databases containing sensitive data are available on request from GitHub repositories, data potentially usable for hijacking authenticated sessions. Aidan Martin, a security engineer at London-based rail travel service Trainline, alerted The Register to the public availability of these files after reporting his findings through HackerOne and being told by a GitHub representative that "Credentials exposed by our users are not in scope for our Bug Bounty program."

Mozilla hopes to ramp up the monetisation machine with a paid premium version of its Firefox Relay service, upping the current limit of five email aliases to a near-unlimited number. Firefox Relay hides a user's real email address behind an alias to both protect the user's identity and spare their inbox from spam.

Firefox is now available for download through Microsoft's Windows Store for Windows 10 and Windows 11 users, the first major web browser to be added after Opera was added in late September. Until today, Mozilla couldn't bring its web browser onto the Microsoft Store because Redmond's store policies required that all browsers submitted for inclusion had to use the engine provided by Windows.

The Firefox team said that the misbehaving Firefox add-ons they found in June - named Bypass and Bypass XM - were misusing the API to intercept and redirect users from downloading updates, accessing updated blocklists and updating remotely configured content. Mozilla has blocked the malicious add-ons in order to keep them from being installed by yet more users.