#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Mozilla | Breaking Cybersecurity News | The Hacker News

Category — Mozilla
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

Nov 26, 2024 Vulnerability / Cybercrime
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) – which in this case led to the installation of RomCom's backdoor on the victim's computer," ESET said in a report shared with The Hacker News. The vulnerabilities in question are listed below - CVE-2024-9680 (CVSS score: 9.8) - A use-after-free vulnerability in Firefox's Animation component (Patched by Mozilla in October 2024)  CVE-2024-49039 (CVSS score: 8.8) - A privilege escalation vulnerability in Windows Task Scheduler (Patched by Microsoft in November 2024) RomCom , also known as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and...
Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

Sep 25, 2024 Data Protection / Online Tracking
Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy-Preserving Attribution (PPA) without explicitly seeking users' consent. "Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said . "In essence, the browser is now controlling the tracking, rather than individual websites." Noyb also called out Mozilla for allegedly taking a leaf out of Google's playbook by "secretly" enabling the feature by default without informing users. PPA, which is currently enabled in Firefox version 128 as an experimental feature, has its parallels in Google's Privacy Sandbox project in Chrome. The initiative, now abandoned by Google , sought to replace third-party tracking cookies with a set of APIs baked into the web browser that advertisers can t...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

May 21, 2024 Supply Chain Security / AI Model
A critical security flaw has been disclosed in the  llama_cpp_python  Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as  CVE-2024-34359  (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system, compromising data and operations," security researcher Guy Nachshon  said . llama_cpp_python, a Python binding for the  llama.cpp library , is a popular package with over 3 million downloads to date, allowing developers to integrate AI models with Python.  Security researcher Patrick Peng (retr0reg) has been credited with discovering and reporting the flaw, which has been addressed in version 0.2.72. The  core issue  stems from the misuse of the Jinja2 template engine within the llama_cpp_python package, allowing for server-side template injection that le...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

Sep 13, 2023 Vulnerability / Browser Security
Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier  CVE-2023-4863 , is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when processing a specially crafted image. "Opening a malicious WebP image could lead to a heap buffer overflow in the content process," Mozilla  said  in an advisory. "We are aware of this issue being exploited in other products in the wild." According to the description on the National Vulnerability Database (NVD), the flaw could allow a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at the University of Toronto's Munk School have been credited with reporting the s...
Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code

Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code

Dec 07, 2021
Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed " RLBox " and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection mechanism is designed to harden the web browser against potential weaknesses in off-the-shelf libraries used to render audio, video, fonts, images, and other content. To that end, Mozilla is incorporating "fine-grained sandboxing" into five modules, including its  Graphite  font rendering engine,  Hunspell  spell checker,  Ogg  multimedia container format,  Expat  XML parser, and  Woff2  web font compression format. The framework uses  WebAssembly , an open standard that defines a portable binary-code format for executable programs that can be run on m...
Critical Bug in Mozilla’s NSS Crypto Library Potentially Affects Several Other Software

Critical Bug in Mozilla's NSS Crypto Library Potentially Affects Several Other Software

Dec 02, 2021
Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services ( NSS ) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a  heap overflow  vulnerability when verifying digital signatures such as  DSA  and  RSA-PSS  algorithms that are encoded using the  DER  binary format. Credited with reporting the issue is Tavis Ormandy of Google Project Zero, who codenamed it " BigSig ." "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures," Mozilla  said  in an advisory published Wednesday. "Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be im...
Malicious Firefox Add-ons Block Browser From Downloading Security Updates

Malicious Firefox Add-ons Block Browser From Downloading Security Updates

Oct 26, 2021
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content," Mozilla's Rachel Tublitz and Stuart Colville  said . Because Proxy API can be  used  to proxy web requests, an abuse of the API could enable a bad actor to control the manner Firefox browser connects to the internet effectively. In addition to blocking the extensions to prevent installation by other users, Mozilla said it's pausing on approvals for new add-ons that use the proxy API until the fixes are broadly available. What's more, the California-based non-profit said it'd deployed a system add-on named " Proxy Failover " that ships ...
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Feb 25, 2020
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network, ...
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App

7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App

Oct 09, 2019
A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535 , the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity firm Radically Open Security (ROS). "MOSS selected iTerm2 for a security audit because it processes untrusted data, and it is widely used, including by high-risk targets (like developers and system administrators)," Mozilla says. According to a blog post published today by Mozilla, the RCE flaw resides in the tmux integration feature of iTerm2, which, if exploited, could allow an attacker to execute arbitrary commands by providing malicious output to the terminal. As shown in the video demonstration, potential attack vectors for this vulnerability include connecting ...
Mozilla Deploying High-capacity Tor Middle Relays

Mozilla Deploying High-capacity Tor Middle Relays

Jan 29, 2015
Back in November, Mozilla teamed-up with Tor Project under a new initiative called Polaris , in order to help reduce finite number of Tor connections occurring at the same time by adding high-capacity Tor middle relays to the Tor network , and now the company is ready with its first Tor Middle relays. The Firefox maker has given the Tor network a high-capacity middle relays with the launch of 12 relays , all located in the United States, that will help distribute user traffic; the Tor browser is a great way to keep prying eyes from tracking you. Mozilla is one of the most trusted companies on the internet, particularly when it comes to user privacy. The partnership of Mozilla and Tor aimed at providing more privacy features to Firefox browser, and increased Tor network support. The Polaris Privacy Initiative was an effort of Mozilla, the Tor Project and the Center of Democracy and Technology — an advocacy group for digital rights, in order to help build more privacy ...
Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers

Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers

Oct 07, 2014
A critical zero-day vulnerability discovered in Mozilla's popular Bugzilla bug-tracking software used by hundreds of prominent software organizations, both private and open-source, could expose sensitive information and vulnerabilities of the software projects to the hackers. The critical flaw allows an attacker to bypass email verification part when registering a new Bugzilla account, which clearly means that an attacker can register accounts using any email addresses of their choice without the need to access the actual inbox for validation purposes. VALIDATION BYPASS AND PRIVILEGE ESCALATION BUG Security firm Check Point Software Technologies disclosed the flaw ( CVE-2014-1572 ) on Monday and said that it's the first time when a privilege-escalation vulnerability has been found in the Bugzilla project since 2002. The Mozilla foundation has also confirmed that this particular bug exists in all versions of Bugzilla going back to version 2.23.3 from 2006. An analysis...
Thousands of Mozilla Developers Emails and Password Exposed Accidentally

Thousands of Mozilla Developers Emails and Password Exposed Accidentally

Aug 04, 2014
Mozilla on Friday notified users of its Mozilla Developer Network (MDN) that the company has accidentally exposed the e-mail addresses and cryptographically protected passwords of thousands of Mozilla developers. The email addresses of over 76,000 members of its Developer Network, along with 4000 "salted" passwords were disclosed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday. The database glitch caused due to a data " sanitization " process failure, that was lasted for a month beginning on June 23, which inadvertently published the records of members of the MDN and left on a publicly accessible server for around a month until one of the outfit's web developers discovered their presence on a server accessible to the general public around a couple of weeks back, according to a blog post . " As soon as we learned of it, the database dump file was removed from the server immediately, and the process that ge...
Mozilla to Provide WebRTC-based Free Firefox To Firefox Voice and Video Calling feature

Mozilla to Provide WebRTC-based Free Firefox To Firefox Voice and Video Calling feature

Jun 01, 2014
Mozilla is planning to provide a new feature that will allow free audio and video calls between its Firefox web browser , thereby ending the need of any third-party client service or plugin. Mozilla will soon release a new experimental version of Firefox Nightly , which will include an open source and Peer-to-peer communication protocol called WebRTC that enables Real-Time Communications (RTC) capabilities between two web browsers via simple Javascript APIs. NO PLUGINS REQUIRED WebRTC is not a web browser plugin, and its components run in the browser sandbox. Its components do not require separate installation or any separate process to run and it will receive its updates along with the web browser updates. " No plugins, no downloads. If you have a browser, a camera and a mic, you'll be able to make audio and video calls to anyone else with an enabled browser ." reads the blog post and when the camera or microphone are running, this is clearly shown b...
Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails

Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails

Jan 28, 2014
Do you use Thunderbird , a free; open-source; cross-platform application for managing email and news feeds? According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user's machine. Mozilla Thunderbird 17.0.6 email application is vulnerable to critical validation and filter bypass vulnerability, enables an attacker to bypass the filter that prevents HTML tags from being used in messages. According to a Security Advisory released by Vulnerability-Lab , the flaw resides in Mozilla's Gecko engine. During the testing, the researchers found many java script errors which gave the researcher much hope in believing that the application might actually be vulnerable. By default, HTML tags like <script> and <iframe> are blocked in Thunderbird and get filtered immediately upon insertion. However, while drafting a new email message, attackers can easily bypass the current input filters by encoding...
Mozilla recommends the use of Open Source Browsers against State Surveillance

Mozilla recommends the use of Open Source Browsers against State Surveillance

Jan 14, 2014
After the revelations from NSA internal documents leaked by Edward Snowden, the world knows the NSA as the Real Techie Gangster of this 21st Century, with the ability to brutally infiltrate every kind of electronic device, the Internet, and global communications.  " It is becoming increasingly difficult to trust the privacy properties of software and services we rely on to use the Internet. Governments, companies, groups and individuals may be surveilling us without our knowledge. " The Inventor of JavaScript & current CTO of Mozilla, Mr. Brendan Eich said in a blog post NSA is not just focused on high-tech exploits, but also specialize in inserting secret backdoor to legitimate products. Its Tailored Access Operations (TAO) unit works with the CIA and FBI to intercept shipments of hardware to insert spyware into the devices. This way NSA is able to keep an eye on all levels of our digital lives, from computing centers to individual computers, and from laptops to mobi...
How to use PGP encryption with Mozilla Thunderbird Email client

How to use PGP encryption with Mozilla Thunderbird Email client

Jan 13, 2014
In my last article, we have learnt that how to encrypt our Emails using Gnu Privacy Guard . Previously we used Microsoft Outlook as a desktop mail client and a GpgOL plugin to handle encryption decryption of our communication. Since Microsoft is a US-based company, that has to follow all the laws of that contingent. Should we trust Microsoft product to save our e-mail password and data? Obviously NO!  This made me write a new article on the same topic is that today we are going to use an open source mail client i.e.  Mozilla Thunderbird , available for Windows, Mac OS X and Linux. Thunderbird Installation: Initially you need to download the Thunderbird mail client, and install it to make your email communication more secure and private. Open Thunderbird tool and configure your mail account, as shown: Installing and Configuring ENIGMAIL:  In the next step you need to install an Add-on in Thunderbird, called  ENIGMAIL . You can search and install add-on using...
First ever Malware for Firefox Mobile OS developed by Researcher

First ever Malware for Firefox Mobile OS developed by Researcher

Oct 18, 2013
Firefox OS is a mobile operating system based on Linux and Mozilla 's Gecko technology, whose environment is dedicated to apps created with just HTML, CSS, and JavaScript. After almost two years of development, a few months back Mozilla officially launched their Firefox OS devices in stores and now the first Malware for the brand new platform is available. Shantanu Gawde , 17-years-old, an Independent Security Researcher is going to demonstrate the very first known malware for Firefox OS at the upcoming Information Security Summit - The Ground Zero (G0S) 2013, to be held on November 7th - 10th, 2013 at The Ashok, New Delhi. Firefox OS is different - Every app in Firefox OS including the Camera and the Dialer is a web app, i.e. a website in the form of an app. Simple! Mozilla has developed Web APIs so that HTML5 apps can communicate with the device's hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose...
FBI Used Firefox Exploit to Shutdown Illegal Site Running on Tor Network

FBI Used Firefox Exploit to Shutdown Illegal Site Running on Tor Network

Aug 05, 2013
TOR is the dark side of the Internet, the so-called dark web, which provides a safe haven to privacy advocates but is also where drugs, assassins for hire and other weird and illegal activities can allegedly be traded. A claimed zero-day vulnerability in Firefox 17 was used by the FBI to identify some users of the privacy-protecting Tor anonymity network. The FBI did not compromise the TOR network itself and The complex multi-layers of encryption still stand. Instead the FBI compromised the TOR browser only using a zero-day JavaScript exploit and used this to implant a cookie which fingerprinted users through a specific external server. Eric Eoin Marques , 28 year-old man in Ireland believed to be behind Freedom Hosting , the biggest service provider for sites on the encrypted Tor network , is awaiting extradition on p*rno charges. It is understood the FBI had spent a year trying to locate Mr Marques. Marques was arrested on a Maryland warrant that in...
Expert Insights / Articles Videos
Cybersecurity Resources