Security News

Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information. Necessarily alert to revenue diversification opportunities in light of its dependence on Google paying to be the default search service on its beleaguered Firefox browser, Mozilla has taken Monitor beyond HIBP alerts, added data removal, and branded that expanded service Monitor Plus with a subscription fee of $8.99 per month.

Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser. Trusted Types addresses the risk of unsafe input by limiting the attack surface via Content Security Policy and a content filtering mechanism.

Mozilla VPN’s fast performance may not be enough to make up for its small server network and lack of features. Learn more about it in our full review below.

Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when processing a specially crafted image.

Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client. "Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild," Mozilla said in an advisory published on Tuesday.

A security engineer at Linux distro maker SUSE has published an advisory for a flaw in the Mozilla VPN client for Linux that has yet to be addressed in a publicly released fix because the disclosure process went off the rails. In a post to the Openwall security mailing list, Matthias Gerstner describes a broken authentication check in Mozilla VPN client v2.14.1, released on May 30.

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns," the company said in its Release Notes for Firefox 115.0 released last week.

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page. The ads popping in Firefox disable the web browser's functionality, denying users access to the interface and graying out everything in the background until they close them.

Mozilla has addressed issues causing Firefox to crash on macOS and to freeze with a non-responding blank window when starting on Windows 11 systems. According to the user who first reported the Windows freeze issue, the bug likely impacts Firefox users running Windows 11 who have also installed this month's KB5023706 cumulative update.

Mozilla has announced the integration of Firefox Relay, an email protection system that helps users evade trackers and spammers, directly into the Firefox browser. From now on, whenever a user browses a website that requests them to create an account, Firefox Relay will offer to generate a new email mask or use an existing one.