Security News

A security engineer at Linux distro maker SUSE has published an advisory for a flaw in the Mozilla VPN client for Linux that has yet to be addressed in a publicly released fix because the disclosure process went off the rails. In a post to the Openwall security mailing list, Matthias Gerstner describes a broken authentication check in Mozilla VPN client v2.14.1, released on May 30.

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns," the company said in its Release Notes for Firefox 115.0 released last week.

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page. The ads popping up in Firefox disable the web browser's functionality, denying users access to the interface and graying out everything in the background until they close them.

Mozilla has addressed issues causing Firefox to crash on macOS and to freeze with a non-responding blank window when starting on Windows 11 systems. According to the user who first reported the Windows freeze issue, the bug likely impacts Firefox users running Windows 11 who have also installed this month's KB5023706 cumulative update.

Mozilla has announced the integration of Firefox Relay, an email protection system that helps users evade trackers and spammers, directly into the Firefox browser. From now on, whenever a user browses a website that asks them to create an account, Firefox Relay will offer to generate a new email mask or use an existing one.

After a lengthy discussion between staff at Mozilla and Apple, security researchers and the CA itself, Mozilla program manager Kathleen Wilson said the org's concerns were "substantiated" enough to set a distrust date of November 30 for TrustCor's root certificates. Microsoft didn't participate in the conversation; instead, TrustCor executive Rachel McPherson claimed that Microsoft had set a distrust date of November 1 for her company's certs.

Mozilla has fixed a known issue causing the Firefox web browser to freeze when copying text on Windows 11 devices where the Suggested Actions clipboard feature is enabled. The issue impacts Firefox users running Microsoft's latest OS release, Windows 11, version 22H2, where this new feature is enabled by default.

Eighteen of 25 reproductive health apps and wearable devices reviewed by Mozilla received a *Privacy Not Included warning label - meaning they have problems when it comes to protecting users' privacy and security. For its latest *Privacy Not Included guide - it has compiled several of these to help consumers shop for relatively safe and less creepy products and apps that connect to the internet - Mozilla's researchers chose ten popular period tracking apps, ten pregnancy tracking apps, and five health and fitness wearable devices that track fertility.

Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. If exploited, the two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.

Just a short note to let you know that we were wrong about Firefox and Pwn2Own in our latest podcast. We do know that Mozilla will be rushing to fix this one as soon as they get the details out of the Pwn2Own competition.