Search results for firefox or chrome | Breaking Cybersecurity News | The Hacker News

After years of waiting, Mozilla last week launched Firefox 54 for Windows, Mac, Linux, and Android, with multi-process support — a "major improvement" to improve your browsing experience — but many users are still struggling to take advantage of this feature. Mozilla's multi-process support in Firefox has been in development for over eight years as part of a project, codenamed Electrolysis or E10S, which aimed at improving responsiveness and speed by streamlining memory use by different processes. Describing the latest release as the largest change to Firefox code ever, Mozilla says it has worked hard to avoid increased memory consumption, and slower performance, as Firefox now uses up to four processes to run web page content across all open tabs. In other words, Firefox is finally making use of "significantly less RAM" of your computer, as heavy web pages in one tab will now have a much lower impact on responsiveness and speed in other tabs. ...

Should we feel happy about it? Let's find out! What Firefox has been thinking of is, it is planning to bring in Google chrome's web browser extensions to support the features of Mozilla Firefox. The parent company of Firefox i. e. Mozilla Foundation has decided to update their add-on and extension infrastructure, making Firefox more capable and user-friendly . Ranked number three, Firefox browser is seemingly thriving to attain the first position. Google Chrome and Internet Explorer are the ones ahead of it, leading to desktops and mobile devices altogether. The move will help Firefox in various ways like: Integration of new technologies like Electrolysis and Servo Protection from Adware and Spyware Shortening the time it takes to review add-ons Functionalities brought by Mozilla According to Mozilla, functionalities that are being brought with the help of modifications in Firefox Add-ons are: Introducing a Powerful add-on WebExtensions API A...

If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible. Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than they are intended to, including your detailed browsing history. Most of you might not even remember downloading and installing these extensions on your web browser, and that's likely because when users install Avast or AVG antivirus on their PCs, the software automatically installs their respective add-ons on the users' browsers. Both online security extensions have been designed to warn users when they visit a malicious or phishing website; whereas, SafePrice extensions help online shoppers learn about best offers, price comparisons, travel deals, and discount coupons from variou...

The malicious scam campaign, " The 'HoeflerText' font wasn't found ," is back, which was previously targeting Google Chrome users to trick them into installing Spora ransomware on their computers. This time the campaign has been re-designed to target Mozilla Firefox users with a banking trojan, called Zeus Panda , says   Kafeine , a security researcher at Proofpoint. Interestingly, the attackers behind this new campaign are so stupid that they forgot to change the name of the font, i.e. HoeflerText, due to which can be easily spotted. As I previously warned — Next time when you accidentally land up on a suspicious website with jumbled content prompting to update the Firefox or Chrome font pack by downloading a missing text font to read the article… Just don't download it. It's obviously a trap. Just like the previous one, the latest Firefox 'HoeflerText font wasn't found scam is also very convincing and easy to fall for. The attack in...

A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet. He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users. What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right? Okay, then before going to the in-depth details, first have a look at this demo web page  ( note: you may experience downtime due to high traffic on demo server ), set up by Chinese security researcher Xudong Zheng, who discovered the attack. " It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL o...

If you came across a celebrity sex video on Facebook featuring Jessica Alba or any other celebrity, just avoid clicking it. Another Facebook scam is circulating across the social networking website that attempts to trick Facebook users into clicking on a link for a celebrity sex tape that instead downloads malware onto their computers. Once installed, the malware would force web browsers to display aggressive advertising web pages which include sites with nudity and fake lotteries. The spam campaign was uncovered by researchers at Cyren, who noted that a malicious Google Chrome extension is spreading nude celebrity PDFs through private messages and posts on various Facebook groups. If opened, the PDF file takes victims to a web page with an image containing a play button, tricking users that the PDF may contain a video. Once clicked, the link redirects users of Internet Explorer, Firefox, or Safari to a web page with overly-aggressive popups and advertisements related to ...

Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets. On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company. Malicious MEGA Chrome Extension Steals Passwords Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex.market cryptocurrency trading...

Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome browser. Discovered by Guardio, the vulnerability ( CVE-2019-12592 ) resided in the ways Evernote Web Clipper extension interacts with websites, iframes and inject scripts, eventually breaking the browser's same-origin policy (SOP) and domain-isolation mechanisms. According to researchers, the vulnerability could allow an attacker-controlled website to execute arbitrary code on the browser in the context of other domains on behalf of users, leading to a Universal Cross-site Scripting (UXSS or Universal XSS) issue. "A full exploit that would allow loading a remote hacker contr...

It's been a long time coming, but now the users of Firefox and Opera browsers don't need to rely on the Chrome browser to access WhatsApp Web client, as the most popular smartphone messaging service has announced that the Web-based version of its service now works on Firefox and Opera web browsers   too. WHATSAPP WEB AVAILABLE FOR OPERA & FIREFOX Almost a month ago, WhatsApp launched the web client of its service but the access was limited only to the Google Chrome users. Now, the company is giving more choices to desktop users by launching WhatsApp Web Today for Opera and Firefox browsers , though you'll still have to wait a little long if you're a Safari user. WhatsApp Web is nothing than an extension of the core mobile WhatsApp application. It syncs conversations from your smartphone devices to your PCs, with everything stored on the mobile device itself. HOW TO USE WHATSAPP ON PC/DESKTOP In order to install WhatsApp web in your PC or laptop running...

Mozilla launches Voice and Video Connect with the release of Official Firefox 41.0 Release . After significant improvements done in the Firefox Nightly experimental build of version Firefox 41.0, the stable release has a lot to offer. How would it be experiencing a seamless communication – video and voice calls and text messaging being directly built in your browser? Here's How: Mozilla has launched the stable release of Firefox 41.0 , equipped with project " Firefox Hello " offering free VOIP and instant messaging services through WebRTC ( Real Time Communication ) channel. Firefox Hello had already arrived last year via Firefox 41.0 Beta release with an aim of improving user's experience by providing them with free voice and video calling features, irrespective of additional software or hardware support. By adopting Firefox Hello : Both the parties don't need to have same browsers, software or hardware. No sign-up other than...

As promised, Mozilla has finally enabled "Enhanced Tracking Protection" feature on its Firefox browser by default, which from now onwards would automatically block all third-party tracking cookies that allow advertisers and websites to track you across the web. Tracking cookies, also known as third-party cookies, allows advertisers to monitor your online behavior and interests, using which they display relevant advertisements, content, and promotions on the websites you visit. Which makes sense as no one likes to waste time in watching advertisements and offers that are not of one's interest. However, since tracking cookies gather way more information without requiring users' explicit permissions and there is no control over how companies would use it, the technique also poses a massive threat to users' online privacy. To limit this extensive tracking, Mozilla included the "Enhanced Tracking Protection" option as an experimental feature in Octo...

Immediately after Mozilla announced its plan to soon enable ' DNS over HTTPS ' (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. Under development since 2017, ' DNS over HTTPS ' performs DNS lookups—finding the server IP address of a certain domain name—over an encrypted HTTPS connection to a DNS server, rather than sending DNS queries in plaintext. The protocol that sends DNS queries over secure HTTPS connections has specifically been designed to prevent miscreants from interfering with domain name lookups, eventually stopping network observers, including your ISPs and attackers, from figuring out what sites you visit. Though the privacy-focused technology is also helpful in preventing attackers from redirecting unsuspecting visitors to phishing and malware sites, DNS over HTTPS could also bring its own new challenges to the enterprise security so...

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both , Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running on a...

SAN FRANCISCO (AFP) - Mozilla and Google, on Monday took steps to give people privacy online, but most everyone said obstacles remain to create simple "Do not follow the software buttons for web browsing . Mozilla has proposed the addition of a signal of its popular Firefox browser that allows users to automatically prompt sites do not monitor their online activities. Web sites then decide whether to grant or desire to continue collecting data for purposes such as targeting Internet advertising. Firefox users would be able to convey what I want to watch a third based on advertising by setting the browsers send a "Do not follow the HTTP header" on each click or page view. "The problem with adding this to the head is that you have both browsers and sites to be implemented to be fully effective," the Mozilla technology and privacy of Alex Fowler, acknowledged in a blog. "Mozilla recognizes the chicken and egg problem, and will propose that this fun...

Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser. The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a Firefox 58, with some new features like improved graphics engine and performance optimizations and patches for more than 30 vulnerabilities. According to a security advisory published by Cisco, Firefox 58.0.1 addresses an 'arbitrary code execution' flaw that originates due to 'insufficient sanitization' of HTML fragments in chrome-privileged documents (browser UI). Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or ' opening a file that submits malicious input to the affected software .' "A successful exploit could allow the attacker t...

If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network, ...

Google will pay $ 20,000 for the first scientist who succeeds in its Chrome browser to exploit this year's competition Pwn2Own piracy. The price is the largest ever to face the annual challenge, which begins for the fifth time in the CanSecWest security conference in Vancouver, British Columbia, March 9. In Pwn2Own this year, researchers sky exploits against machines running Windows 7 or Mac OS X, as they try to download Microsoft Internet Explorer, Mozilla Firefox, Apple Safari and Chrome. The researchers first to hack IE, Firefox and Safari will receive $ 15,000 and the computer running the browser. Prices are $ 5,000 higher than those given for the use of browsers in the last contest Pwn2Own, and three times the 2009 price. "We've raised the bar this time and the total allocated to cash prices rose to a whopping $ 125,000," said Aaron Portnoy, director of HP TippingPoint Security Research Team. TippingPoint, which is once again sponsoring Pwn2Own, set th...