The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Mozilla

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
February 25, 2020Mohit Kumar
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network,

7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App

7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
October 09, 2019Mohit Kumar
A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535 , the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity firm Radically Open Security (ROS). "MOSS selected iTerm2 for a security audit because it processes untrusted data, and it is widely used, including by high-risk targets (like developers and system administrators)," Mozilla says. According to a blog post published today by Mozilla, the RCE flaw resides in the tmux integration feature of iTerm2, which, if exploited, could allow an attacker to execute arbitrary commands by providing malicious output to the terminal. As shown in the video demonstration, potential attack vectors for this vulnerability include connecting

Mozilla Deploying High-capacity Tor Middle Relays

Mozilla Deploying High-capacity Tor Middle Relays
January 29, 2015Swati Khandelwal
Back in November, Mozilla teamed-up with Tor Project under a new initiative called Polaris , in order to help reduce finite number of Tor connections occurring at the same time by adding high-capacity Tor middle relays to the Tor network , and now the company is ready with its first Tor Middle relays. The Firefox maker has given the Tor network a high-capacity middle relays with the launch of 12 relays , all located in the United States, that will help distribute user traffic; the Tor browser is a great way to keep prying eyes from tracking you. Mozilla is one of the most trusted companies on the internet, particularly when it comes to user privacy. The partnership of Mozilla and Tor aimed at providing more privacy features to Firefox browser, and increased Tor network support. The Polaris Privacy Initiative was an effort of Mozilla, the Tor Project and the Center of Democracy and Technology — an advocacy group for digital rights, in order to help build more privacy

Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers

Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers
October 07, 2014Wang Wei
A critical zero-day vulnerability discovered in Mozilla's popular Bugzilla bug-tracking software used by hundreds of prominent software organizations, both private and open-source, could expose sensitive information and vulnerabilities of the software projects to the hackers. The critical flaw allows an attacker to bypass email verification part when registering a new Bugzilla account, which clearly means that an attacker can register accounts using any email addresses of their choice without the need to access the actual inbox for validation purposes. VALIDATION BYPASS AND PRIVILEGE ESCALATION BUG Security firm Check Point Software Technologies disclosed the flaw ( CVE-2014-1572 ) on Monday and said that it's the first time when a privilege-escalation vulnerability has been found in the Bugzilla project since 2002. The Mozilla foundation has also confirmed that this particular bug exists in all versions of Bugzilla going back to version 2.23.3 from 2006. An analysis

Thousands of Mozilla Developers Emails and Password Exposed Accidentally

Thousands of Mozilla Developers Emails and Password Exposed Accidentally
August 04, 2014Swati Khandelwal
Mozilla on Friday notified users of its Mozilla Developer Network (MDN) that the company has accidentally exposed the e-mail addresses and cryptographically protected passwords of thousands of Mozilla developers. The email addresses of over 76,000 members of its Developer Network, along with 4000 "salted" passwords were disclosed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday. The database glitch caused due to a data " sanitization " process failure, that was lasted for a month beginning on June 23, which inadvertently published the records of members of the MDN and left on a publicly accessible server for around a month until one of the outfit's web developers discovered their presence on a server accessible to the general public around a couple of weeks back, according to a blog post . " As soon as we learned of it, the database dump file was removed from the server immediately, and the process that ge

Mozilla to Provide WebRTC-based Free Firefox To Firefox Voice and Video Calling feature

Mozilla to Provide WebRTC-based Free Firefox To Firefox Voice and Video Calling feature
June 01, 2014Mohit Kumar
Mozilla is planning to provide a new feature that will allow free audio and video calls between its Firefox web browser , thereby ending the need of any third-party client service or plugin. Mozilla will soon release a new experimental version of Firefox Nightly , which will include an open source and Peer-to-peer communication protocol called WebRTC that enables Real-Time Communications (RTC) capabilities between two web browsers via simple Javascript APIs. NO PLUGINS REQUIRED WebRTC is not a web browser plugin, and its components run in the browser sandbox. Its components do not require separate installation or any separate process to run and it will receive its updates along with the web browser updates. " No plugins, no downloads. If you have a browser, a camera and a mic, you'll be able to make audio and video calls to anyone else with an enabled browser ." reads the blog post and when the camera or microphone are running, this is clearly shown by the Fire

Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails

Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails
January 27, 2014Anonymous
Do you use Thunderbird , a free; open-source; cross-platform application for managing email and news feeds? According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user's machine. Mozilla Thunderbird 17.0.6 email application is vulnerable to critical validation and filter bypass vulnerability, enables an attacker to bypass the filter that prevents HTML tags from being used in messages. According to a Security Advisory released by Vulnerability-Lab , the flaw resides in Mozilla's Gecko engine. During the testing, the researchers found many java script errors which gave the researcher much hope in believing that the application might actually be vulnerable. By default, HTML tags like <script> and <iframe> are blocked in Thunderbird and get filtered immediately upon insertion. However, while drafting a new email message, attackers can easily bypass the current input filters by encoding

Mozilla recommends the use of Open Source Browsers against State Surveillance

Mozilla recommends the use of Open Source Browsers against State Surveillance
January 14, 2014Swati Khandelwal
After the revelations from NSA internal documents leaked by Edward Snowden, the world knows the NSA as the Real Techie Gangster of this 21st Century, with the ability to brutally infiltrate every kind of electronic device, the Internet, and global communications.  " It is becoming increasingly difficult to trust the privacy properties of software and services we rely on to use the Internet. Governments, companies, groups and individuals may be surveilling us without our knowledge. " The Inventor of JavaScript & current CTO of Mozilla, Mr. Brendan Eich said in a blog post NSA is not just focused on high-tech exploits, but also specialize in inserting secret backdoor to legitimate products. Its Tailored Access Operations (TAO) unit works with the CIA and FBI to intercept shipments of hardware to insert spyware into the devices. This way NSA is able to keep an eye on all levels of our digital lives, from computing centers to individual computers, and from laptops to mobi

How to use PGP encryption with Mozilla Thunderbird Email client

How to use PGP encryption with Mozilla Thunderbird Email client
January 13, 2014Anonymous
In my last article, we have learnt that how to encrypt our Emails using Gnu Privacy Guard . Previously we used Microsoft Outlook as a desktop mail client and a GpgOL plugin to handle encryption decryption of our communication. Since Microsoft is a US-based company, that has to follow all the laws of that contingent. Should we trust Microsoft product to save our e-mail password and data? Obviously NO!  This made me write a new article on the same topic is that today we are going to use an open source mail client i.e.  Mozilla Thunderbird , available for Windows, Mac OS X and Linux. Thunderbird Installation: Initially you need to download the Thunderbird mail client, and install it to make your email communication more secure and private. Open Thunderbird tool and configure your mail account, as shown: Installing and Configuring ENIGMAIL:  In the next step you need to install an Add-on in Thunderbird, called  ENIGMAIL . You can search and install add-on using Tools-> Add-ons

First ever Malware for Firefox Mobile OS developed by Researcher

First ever Malware for Firefox Mobile OS developed by Researcher
October 18, 2013Mohit Kumar
Firefox OS is a mobile operating system based on Linux and Mozilla 's Gecko technology, whose environment is dedicated to apps created with just HTML, CSS, and JavaScript. After almost two years of development, a few months back Mozilla officially launched their Firefox OS devices in stores and now the first Malware for the brand new platform is available. Shantanu Gawde , 17-years-old, an Independent Security Researcher is going to demonstrate the very first known malware for Firefox OS at the upcoming Information Security Summit - The Ground Zero (G0S) 2013, to be held on November 7th - 10th, 2013 at The Ashok, New Delhi. Firefox OS is different - Every app in Firefox OS including the Camera and the Dialer is a web app, i.e. a website in the form of an app. Simple! Mozilla has developed Web APIs so that HTML5 apps can communicate with the device's hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose. Basically,

Android's Firefox app Vulnerability allows hacker to steal files from SD card

Android's Firefox app Vulnerability allows hacker to steal files from SD card
October 01, 2013Mohit Kumar
Mobile Browsers are complicated applications and locking them down against threats is extremely difficult. According to a Mobile Security Researcher, Sebastián Guerrero from ' viaForensics' , Android's Firefox browser app is vulnerable to Hackers. He responsibly disclosed the details to Mozilla, that allows hackers to access both the contents of the SD card and the browser's private data. He posted a video showing how hackers will be able to access data on the device. The flaw works only if a user install  a malicious application or opened a locally stored HTML file in the vulnerable Firefox app that included malicious Javascript code. Successful Exploitation allows attacker to access to files on the SD Card including all of users' cookies, login credentials, bookmarks etc. This is a privacy issue and could be severe depending on what is stored there, including personal pictures and video, or data placed there by other applications. Files are accessed th

FBI Used Firefox Exploit to Shutdown Illegal Site Running on Tor Network

FBI Used Firefox Exploit to Shutdown Illegal Site Running on Tor Network
August 05, 2013Mohit Kumar
TOR is the dark side of the Internet, the so-called dark web, which provides a safe haven to privacy advocates but is also where drugs, assassins for hire and other weird and illegal activities can allegedly be traded. A claimed zero-day vulnerability in Firefox 17 was used by the FBI to identify some users of the privacy-protecting Tor anonymity network. The FBI did not compromise the TOR network itself and The complex multi-layers of encryption still stand. Instead the FBI compromised the TOR browser only using a zero-day JavaScript exploit and used this to implant a cookie which fingerprinted users through a specific external server. Eric Eoin Marques , 28 year-old man in Ireland believed to be behind Freedom Hosting , the biggest service provider for sites on the encrypted Tor network , is awaiting extradition on p*rno charges. It is understood the FBI had spent a year trying to locate Mr Marques. Marques was arrested on a Maryland warrant that includes charges

Firefox OS for smartphones, incredible platform for Developers

Firefox OS for smartphones, incredible platform for Developers
February 11, 2013Mohit Kumar
Mozilla's Firefox OS, the mobile operating system from the company that makes the Firefox browser build entirely on open web standards and having ability to beat Android or iOS.  Firefox OS is Mozilla's ambitious attempt to build an operating system that brings more openness to the walled gardens of Apple's iOS and Google's Android. New Operating Systems for Smartphones Its a new mobile operating system built entirely using open web standards and with codename  Boot to Gecko , means a Linux distro that automatically loads Gecko or in more simple words apps for Firefox OS are basically just websites written in HTML, JavaScript, and CSS. The Web is the Platform, which means not only taking down barriers, but also a lighter system that makes your apps run smoothly and an optimal battery life. Firefox OS written with basic HTML, CSS, and JavaScript Mozilla has also added some extra hooks to Firefox OS that allow developers to access a phone's hardware via HTML
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.