Security News

Mozilla finds 18 of 25 popular reproductive health apps share your data
2022-08-17 08:00

Eighteen of 25 reproductive health apps and wearable devices reviewed by Mozilla received a *Privacy Not Included warning label, meaning they have problems when it comes to protecting users' privacy and security. For its latest *Privacy Not Included guide (Mozilla has compiled several of these to help consumers shop for relatively safe and less creepy internet-connected products and apps), Mozilla's researchers chose ten popular period tracking apps, ten pregnancy tracking apps, and five health and fitness wearable devices that track fertility.

Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own
2022-05-24 21:31

Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. If exploited, the two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.

Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!
2022-05-20 23:47

Just a short note to let you know that we were wrong about Firefox and Pwn2Own in our latest podcast. We do know that Mozilla will be rushing to fix this one as soon as they get the details out of the Pwn2Own competition.

Mozilla privacy survey finds mental health and prayer apps fail privacy test pretty spectacularly
2022-05-04 14:46

Apps with the most sensitive data seem to be the worst at protecting user privacy, according to a review by Mozilla's Privacy Not Included team.

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’
2022-05-03 12:42

While they have good intentions to foster mental health and spiritual wellness, the majority of mental-health and prayer apps can harm their users in other ways by exposing personal and intimate data due to a severe lack of security and privacy protections, researchers from Mozilla have found. Mozilla's Jen Caltrider, the lead researcher for the report, went so far as to call the majority of mental health and prayer apps "exceptionally creepy" in a blog post about the study.

Mozilla Firefox removes Russian search providers over misinformation concerns
2022-03-15 00:29

Mozilla has removed the Yandex Search, Mail.ru, and OK.ru default search providers from the Firefox browser over reports of state-sponsored content favored in search results. Since 2014, Mozilla has made Yandex the default search engine in Russia, and the following year made it the default search for users in Turkey.

Mozilla Firefox removes Yandex, Mail.ru search over misinformation concerns
2022-03-15 00:29

Mozilla has removed the Yandex Search, Mail.ru, and OK.ru default search providers from the Firefox browser over reports of state-sponsored content favored in search results. Since 2014, Mozilla has made Yandex the default search engine in Russia, and the following year made it the default search for users in Turkey.

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
2022-03-07 19:33

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication framework.

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)
2022-03-07 10:46

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities exploited by attackers in the wild. CVE-2022-26485 affects XSLT parameter processing and can be used to achieve remote code execution within the context of the application.

Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs
2022-03-06 19:23

Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks. As Mozilla's security advisory explains, the Firefox developers are aware of "reports of attacks in the wild" actively exploiting these vulnerabilities.