Security News
The patched versions of Mozilla's browser, launched on Tuesday, are Firefox 73 and Firefox ESR 68.5. One of the vulnerabilities, tracked as CVE-2020-6800, was fixed in a previous release of Firefox 72 and the current Firefox ESR 68.5 update on Tuesday.
We're committed to completely eradicating weak versions of TLS because at Mozilla we believe that user security should not be treated as optional. Although not exactly a household name, TLS is the encryption protocol that makes several types of secure connection possible, including secure versions of SMTP, POP3, FTP and, of course, HTTP. For example, when a browser visits a site using HTTPS, TLS sets up authentication, the exchange of session keys, and agreement on cipher suites.
The nature of the banned extensions is difficult to say - Mozilla lists them on Bugzilla using only the IDs they used on addons. The hard ban on extensions that execute remote code seems to have happened around the time pre-release versions of Firefox 72 hove into view, but this was only noticed by some developers and users when the company abruptly banned several page translation extensions in November.
UPDATE. Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. In this case, Google said that after becoming aware of a widespread pattern of pernicious behavior on the part of a large number of Chrome extensions, it has disabled extensions that contain a monetary component - those that are paid for, offer in-browser transactions and those that offer subscription services.
Mozilla has patched a Firefox zero-day vulnerability that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible. A day after Mozilla released Firefox 72 - which blocks fingerprinting scripts by default for all users, replaces annoying notification request pop-ups from various sites with a speech bubble in the address bar, and fixes a number of security issues - the corporation pushed out Firefox 72.0.1 with a fix for CVE-2019-17026, a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time compiler for Mozilla's JavaScript engine.
Updates released by Mozilla on Wednesday for its Firefox browser address a zero-day vulnerability that has been exploited in targeted attacks. Mozilla says it's aware of targeted attacks exploiting this zero-day, but no other information has been made available.
UPDATE. Mozilla patched a critical vulnerability actively being exploited in the wild with its latest update to the Firefox browser. The disclosure came a day after Mozilla released its latest Firefox 72 browser on Tuesday.
Firefox users interested in turning on the browser’s DNS-over-HTTPS (DoH) privacy feature now have two providers to choose from.
Mozilla last week fired off an important memo to all Firefox extension developers telling them to turn on two-factor authentication (2FA) on their addons.mozilla.org (AMO) accounts.
Enhanced Authentication Could Help Beef Up Security of the Supply Chain
To help enhance security, Firefox extension developers will be required to set up their accounts to support two-factor...