Firefox | Breaking Cybersecurity News | The Hacker News

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send , to the public, allowing users to securely share large files like video, audio or photo files that can be too big to fit into an email attachment. Firefox Send was initially rolled out by Mozilla to test users way back in August 2017 as part of the company's now-defunct "Test Pilot" experimental program. Firefox Send allows you to send files up to 1GB in size, but if you sign up for a free Firefox account, you can upload files as large as 2.5GB in size. The service uses a browser-based encryption technology that encrypts your files before uploading them to the Mozilla server, which can only be decrypted by the recipients. Unlike popul

All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, altogether today announced to soon remove support for TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols. Developed initially as Secure Sockets Layer (SSL) protocol, Transport Layer Security (TLS) is an updated cryptographic protocol used to establish a secure and encrypted communications channel between clients and servers. There are currently four versions of the TLS protocol—TLS 1.0, 1.1, 1.2 and 1.3 ( latest )—but older versions, TLS 1.0 and 1.1, are known to be vulnerable to a number of critical attacks, such as  POODLE  and  BEAST . Since TLS implementation in all major web browsers and applications supports downgrade negotiation process, it leaves an opportunity for attackers to exploit weaker protocols even if a server supports the latest version. All Major Web Browsers Will Remove TLS 1.0 and TLS 1.1 Support in 2020

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser , today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit. In a Tweet, Zerodium shared a zero-day vulnerability that resides in the NoScript browser plugin comes pre-installed with the Mozilla Firefox bundled in the Tor software. NoScript is a free browser extension that blocks malicious JavaScript, Java, Flash and other potentially dangerous content on all web pages by default, though users can whitelist sites they trust. According to Zerodium, NoScript "Classic" versions 5.0.4 to 5.1.8.6--with 'Safest' security level enabled--included in Tor Browser 7.5.6 can be bypassed to run any JavaScript file by changing its content-type header to JSON format. In other words, a website can exploit this vulnerability to execute malicious JavaScript on victim

Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged-in the same browser. Discovered by Jake Archibald, developer advocate for Google Chrome, the vulnerability resides in the way browsers handle cross-origin requests to video and audio files, which if exploited, could allow remote attackers to even read the content of your Gmail or private Facebook messages. For security reasons, modern web browsers don't allow websites to make cross-origin requests to a different domain unless any domain explicitly allows it. That means, if you visit a website on your browser, it can only request data from the same origin the site was loaded from, preventing it from making any unauthorized request on your behalf in an attempt to steal your data from other sites. However, web browsers do not respond in the same way while fetc

Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser. The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a Firefox 58, with some new features like improved graphics engine and performance optimizations and patches for more than 30 vulnerabilities. According to a security advisory published by Cisco, Firefox 58.0.1 addresses an 'arbitrary code execution' flaw that originates due to 'insufficient sanitization' of HTML fragments in chrome-privileged documents (browser UI). Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or ' opening a file that submits malicious input to the affected software .' "A successful exploit could allow the attacker t

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both , Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running on a

It is time to give Firefox another chance. The Mozilla Foundation today announced the release of its much awaited Firefox 57 , aka Quantum web browser for Windows, Mac, and Linux, which claims to defeat Google's Chrome. It is fast. Really fast. Firefox 57 is based on an entirely revamped design and overhauled core that includes a brand new next-generation CSS engine written in Mozilla's Rust programming language, called Stylo. Firefox 57 "Quantum" is the first web browser to utilize the power of multicore processors and offers 2x times faster browsing experience while consuming 30 percent less memory than Google Chrome. Besides fast performance, Firefox Quantum, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," also brings massive performance improvements with tab prioritization, and significant visual changes with a completely redesigned user interface (UI), called Photon . This new version also adds in support for AMD V

Ever since the launch of Windows 10, Microsoft has been heavily pushing its Edge browser, claiming it to be the best web browser over its competitors like Mozilla Firefox, Opera and Google Chrome in terms of speed and battery performance. However, Microsoft must admit that most users make use of Edge or Internet Explorer only to download Chrome, which is by far the world's most popular internet browser. Something hilarious happened recently during a live demonstration when a Microsoft engineer caught on a video switching from Edge to Chrome after the default Windows 10 browser stopped responding in the middle of the presentation. That is really embarrassing. The incident happened in the middle of a Microsoft Ignite conference, where the Microsoft presenter Michael Leworthy was demonstrating how to one can migrate their applications and data to Microsoft Azure cloud service. See what happens in the video below: However, Leworthy was forced to pause his Azure presenta

Do you know? Thousands of websites use HTML5 Canvas —a method supported by all major browsers that allow websites to dynamically draw graphics on web pages—to track and potentially identify users across the websites by secretly fingerprinting their web browsers. Over three years ago, the concern surrounding browser fingerprinting was highlighted by computer security experts from Princeton University and KU Leuven University in Belgium. In 2014, the researchers demonstrated how browser's native Canvas element can be used to draw unique images to assign each user's device a number (a fingerprint) that uniquely identifies them. These fingerprints are then used to detect when that specific user visits affiliated websites and create a profile of the user's web browsing habits, which is then shared among advertising partners for targeted advertisements. Since then many third-party plugins and add-ons (ex. Canvas Defender ) emerged online to help users identify and block

After years of waiting, Mozilla last week launched Firefox 54 for Windows, Mac, Linux, and Android, with multi-process support — a "major improvement" to improve your browsing experience — but many users are still struggling to take advantage of this feature. Mozilla's multi-process support in Firefox has been in development for over eight years as part of a project, codenamed Electrolysis or E10S, which aimed at improving responsiveness and speed by streamlining memory use by different processes. Describing the latest release as the largest change to Firefox code ever, Mozilla says it has worked hard to avoid increased memory consumption, and slower performance, as Firefox now uses up to four processes to run web page content across all open tabs. In other words, Firefox is finally making use of "significantly less RAM" of your computer, as heavy web pages in one tab will now have a much lower impact on responsiveness and speed in other tabs. &quo

The malicious scam campaign, " The 'HoeflerText' font wasn't found ," is back, which was previously targeting Google Chrome users to trick them into installing Spora ransomware on their computers. This time the campaign has been re-designed to target Mozilla Firefox users with a banking trojan, called Zeus Panda , says   Kafeine , a security researcher at Proofpoint. Interestingly, the attackers behind this new campaign are so stupid that they forgot to change the name of the font, i.e. HoeflerText, due to which can be easily spotted. As I previously warned — Next time when you accidentally land up on a suspicious website with jumbled content prompting to update the Firefox or Chrome font pack by downloading a missing text font to read the article… Just don't download it. It's obviously a trap. Just like the previous one, the latest Firefox 'HoeflerText font wasn't found scam is also very convincing and easy to fall for. The attack in

Just like most of you, I too really hate filling out web forms, especially on mobile devices. To help make this whole process faster, Google Chrome and other major browsers offer "Autofill" feature that automatically fills out web form based on data you have previously entered in similar fields. However, it turns out that an attacker can use this autofill feature against you and trick you into spilling your private information to hackers or malicious third parties. Finnish web developer and whitehat hacker Viljami Kuosmanen published a demo on GitHub that shows how an attacker could take advantage of the autofill feature provided by most browsers, plugins, and tools such as Password Managers. Although, this trick was first discovered by Ricardo Martin Rodriguez , Security Analyst at ElevenPaths, in the year 2013, but it seems Google haven't done anything to address weakness in Autofill feature. The proof-of-concept demo website consists of a simple online

North Korea's own homegrown computer operating system, that's supposed to be fully hacker proof and more secure than foreign OS, like Microsoft's Windows, can easily be hacked remotely. A group of hackers managed to break into Red Star OS — North Korea's government sanctioned Linux-based OS — using just a link. Red Star OS is North Korea's own homegrown OS that looks remarkably just like Apple's OS X and gives North Korean authorities more control over the computers, providing not only security but also spying tools that help track files in a way that if the government wants, every bit of user's data can be traced easily. According to the information security company Hacker House , Red Star OS contains a critical vulnerability that makes it possible for hackers to gain remote access to any PC running North Korea's OS just by tricking victims into opening a hyperlink. The latest version of Red Star OS ships with a Firefox-based web browser cal

The critical Firefox vulnerability being actively exploited in the wild to unmask Tor users has been patched with the release of new browser updates. Both Mozilla and Tor Project has patched the vulnerability that allows attackers to remotely execute malicious code on Windows operating system via memory corruption vulnerability in Firefox web browser. Tor Browser Bundle is a repackaged version of the open-source Mozilla Firefox browser that runs connections through the Tor anonymizing network configured to hide its user's public IP address. However, the exploit code released by an unnamed online user was currently being exploited against Tor Browser users to leak the potentially identifying information of Tor users. "The security flaw responsible for this urgent release is already actively exploited on Windows systems," an official of the anonymity network wrote in an advisory published on Wednesday.  "Even though there is currently...no similar explo

Hackers are actively exploiting a zero-day vulnerability in Firefox to unmask Tor Browser users, similar to what the FBI exploited during an investigation of a child pornography site. Tor (The Onion Router) is an anonymity software that not only provides a safe heaven to human rights activists, journalists, government officials, but also is a place where drugs, assassins for hire, child pornography, and other illegal activities has allegedly been traded. A Javascript zero-day exploit currently being actively exploited in the wild is designed to remotely execute malicious code on the Windows operating system via memory corruption flaw in Firefox web browser. The exploit code was publicly published by an admin of the SIGAINT privacy-oriented public email service on the Tor-Talk mailing list. The mailing list message reveals that the zero-day exploit affecting Firefox is currently being exploited against Tor Browser users by unknown attackers to leak the potentially identifyi

Browser extensions have become a standard part of the most popular browsers and essential part of our lives for surfing the Internet. But not all extensions can be trusted. One such innocent looking browser add-on has been caught collecting browsing history of millions of users and selling them to third-parties for making money. An investigation by German television channel NDR ( Norddeutscher Rundfunk ) has discovered a series of privacy breaches by Web Of Trust (WOT) – one of the top privacy and security browser extensions used by more than 140 Million online users to help keep them safe online. Web of Trust has been offering a " Safe Web Search & Browsing " service since 2007. The WOT browser extension, which is available for both Firefox and Chrome, uses crowdsourcing to rate websites based on trustworthiness and child safety. However, it turns out that the Web of Trust service collects extensive data about netizens' web browsing habits via its brows

A critical vulnerability resides in the fully-patched version of the Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS certificate pinning system on Friday with the release of its Tor Browser version 6.0.5 , while Mozilla still has to patch the critical flaw in Firefox. Attackers can deliver Fake Tor and Firefox Add-on Updates The vulnerability could allow a man-in-the-middle attacker who is able to obtain a forged certificate for addons.mozilla.org to impersonate Mozilla servers and as a result, deliver a malicious update for NoScript, HTTPS Everywhere or other Firefox extensions installed on a targeted computer. "This could lead to arbitrary code execution [vulnerability]," Tor officials warned in an advisory. "Moreover, other built-in certificate pinnings are affected as wel

It's been a long time coming, but now the users of Firefox and Opera browsers don't need to rely on the Chrome browser to access WhatsApp Web client, as the most popular smartphone messaging service has announced that the Web-based version of its service now works on Firefox and Opera web browsers   too. WHATSAPP WEB AVAILABLE FOR OPERA & FIREFOX Almost a month ago, WhatsApp launched the web client of its service but the access was limited only to the Google Chrome users. Now, the company is giving more choices to desktop users by launching WhatsApp Web Today for Opera and Firefox browsers , though you'll still have to wait a little long if you're a Safari user. WhatsApp Web is nothing than an extension of the core mobile WhatsApp application. It syncs conversations from your smartphone devices to your PCs, with everything stored on the mobile device itself. HOW TO USE WHATSAPP ON PC/DESKTOP In order to install WhatsApp web in your PC or laptop running

Tails , a Linux-based highly secure Operating System specially designed and optimized to preserve users' anonymity and privacy, has launched its new release, Tails version 1.1.2. Tails, also known as ' Amnesiac Incognito Live System ', is a free security-focused Debian-based Linux distribution, which has a suite of applications that can be installed on a USB stick, an SD card or a DVD. It keeps users' communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data. The operating system came into limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities. The new version 1.1.2 addresses a single but critical vulnerability which arises because the Network Security Services (NSS) libraries parser used by Firefox and other browsers is capable of being tricke

Mozilla has officially released its latest build Firefox 31 for all supported platforms, addressing 11 vulnerabilities in total, three of which are marked critical that could have been exploited by hackers to mount remote code execution attacks. Mozilla Firefox recommends its users to install the security update as soon as possible, warning that the three critical vulnerabilities discovered in its browser could be exploited by attackers and leverage them to " run attacker code and install software, requiring no user interaction beyond normal browsing ". CRITICAL VULNERABILITIES The three major vulnerabilities are as follows: MFSA 2014-62 - This is one of the three critical vulnerabilities reported by Patrick Cozzi and get fixed in the newer version of the browser. The vulnerability allows the exploitation of a WebGL crash with Cesium JavaScript library. Much details about the flaw are not known at the time, but Mozilla notes that the flaw cannot be exploi