Security News
A malicious Firefox add-on named "Safepal Wallet" scammed users by emptying out their wallets and lived on the Mozilla add-ons site for seven months. Safepal is a cryptocurrency wallet application capable of securely holding more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin.
Mozilla is running a study to test users' responses to changing the default Firefox search engine to Microsoft Bing. Like all browsers, Mozilla Firefox automatically configures a browser to a default search engine for performing searches via the address bar.
Likely fed up with the new Windows 11 default apps interface, Mozilla has bypassed Microsoft's policies to make it easier for users to switch their default browser. After some programs began hijacking default program settings without permission, Microsoft added restrictions in Windows 10 by requiring users to specifically choose their default programs.
Released on August 10, Firefox 91 delivers HTTPS by Default in Private Browsing mode and an enhanced cookie clearing option. "While there remain many websites that don't use HTTPS by default, a large fraction of those sites do support the optional use of HTTPS. In such cases, Firefox Private Browsing Windows now automatically opt into HTTPS for the best available security and privacy," Mozilla explained.
Mozilla on Tuesday released Firefox 91, a version of the web browser that brings enhanced cookie clearing, HTTPS by default in private browsing mode, and patches for several high-severity vulnerabilities. Once the user updates Firefox to version 91, the browser will automatically use an HTTPS connection when the Private Browsing feature is used.
This change builds on the inclusion of default blocks for cross-site tracking in private browsing, first introduced after Total Cookie Protection was released with Firefox 86 in February. Enhanced Cookie Clearing is triggered automatically whenever you're clearing cookies and other site data after enabling Strict Tracking Protection.
Mozilla has launched an experiment where they change the Firefox browser user agent to a three-digit "Firefox/100.0" version to see if it will break websites. The current user agent for Mozilla Firefox version 90 is listed below.
Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.
Mozilla has completely removed support for the File Transfer Protocol from the latest release of its flagship Firefox web browser. FTP has been abused in various malware distribution campaigns, some of which involved the compromise of FTP servers to leverage the protocol for payload delivery.
Mozilla this week pushed Firefox 90 to the stable channel with several security improvements, including better protections against cross-origin threats and an advanced tracker blocking mechanism. The open-source browser refresh is currently rolling out with support for Fetch Metadata Request Headers, which means that web applications can better protect users against cross-site request forgery, cross-site leaks, and speculative cross-site execution side channel attacks.