Security News

Mozilla Firefox 73 Browser Update Fixes High-Severity RCE Bugs
2020-02-12 19:14

The patched version of Mozilla's browser, launched on Tuesday, is Firefox 73 and Firefox ESR 68.5. One of the vulnerabilities, tracked as CVE-2020-6800, was fixed in a previous release of Firefox 72 and the current Firefox ESR 68.5 update on Tuesday.

Mozilla issues final warning to websites using TLS 1.0
2020-02-12 16:13

We're committed to completely eradicating weak versions of TLS because at Mozilla we believe that user security should not be treated as optional. Although not exactly a household name, TLS is the encryption protocol that makes several types of secure connection possible, including secure versions of SMTP, POP3, FTP and of, course, HTTP. For example, when a browser visits a site using HTTPS, TLS sets up authentication, the exchange of session keys, and agreement on cipher suites.

Mozilla bans Firefox extensions for executing remote code
2020-01-28 10:38

The nature of the banned extensions is difficult to say - Mozilla lists them on Bugzilla using only the IDs they used on addons. The hard ban on extensions that execute remote code seems to have happened around the time pre-release versions of Firefox 72 hove into view, but this was only noticed by some developers and users when the company abruptly banned several page translation extensions in November.

Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox
2020-01-27 21:26

UPDATE. Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. In this case, Google said that after becoming aware of a widespread pattern of pernicious behavior on the part of a large number of Chrome extensions, it has disabled extensions that contain a monetary component - those that are paid for, offer in-browser transactions and those that offer subscription services.

Mozilla patches actively exploited Firefox zero-day
2020-01-09 11:34

Mozilla has patched a Firefox zero-day vulnerability that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible. A day after Mozilla released Firefox 72 - which blocks fingerprinting scripts by default for all users, replaces annoying notification request pop-ups from various sites with a speech bubble in the address bar, and fixes a number of security issues - the corporation pushed out Firefox 72.0.1 with a fix for CVE-2019-17026, a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time compiler for Mozilla's JavaScript engine.

Mozilla Patches Firefox Zero-Day Exploited in Targeted Attacks
2020-01-09 05:53

Updates released by Mozilla on Wednesday for its Firefox browser address a zero-day vulnerability that has been exploited in targeted attacks. Mozilla says it's aware of targeted attacks exploiting this zero-day, but no other information has been made available.

Mozilla Releases Firefox 72: High-Severity Bugs Patched, Fingerpinting Nixed
2020-01-08 18:04

UPDATE. Mozilla patched a critical vulnerability actively being exploited in the wild with its latest update to the Firefox browser. The disclosure came a day after Mozilla released its latest Firefox 72 browser on Tuesday.

Mozilla adds NextDNS to list of DNS-over-HTTPS providers
2019-12-18 12:07

Firefox users interested in turning on the browser’s DNS-over-HTTPS (DoH) privacy feature now have two providers to choose from.

Mozilla mandates 2FA security for Firefox developers
2019-12-17 10:57

Mozilla last week fired off an important memo to all Firefox extension developers telling them to turn on authentication (2FA) on their addons.mozilla.org (AMO) accounts.

Mozilla: Firefox Add-On Developers Must Use 2FA
2019-12-17 08:33

Enhanced Authentication Could Help Beef Up Security of the Supply ChainTo help enhance security, Firefox extension developers will be required to set up their accounts to support two-factor...