June 2022 Patch Tuesday wrapped up a few loose ends we were waiting on. The Follina remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) was fixed. Internet Explorer came to a quiet end in most versions of the Windows 10 operating system. And finally, the Phase 2 update for CVE-2021-26414, the…

Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating. The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-screen notification on Windows machines. Next in line is CVE-2022-22743, another fullscreen spoof, this time affecting the browser window. The bug could allow…

Dubbed RLBox, the new sandboxing technology has been developed in collaboration with academics at the University of California San Diego and the University of Texas and is meant to complement existing protections by isolating subcomponents. To keep users protected from web attacks, browsers run sites in sandboxed processes, but adversaries attempt to chain flaws to…

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this. Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating remotely configured content. According to Mozilla, a…

Built on a client-server architecture and in use for roughly five decades, FTP allows for the easy transfer of files and folders between computers. However, because data is transmitted unencrypted, the protocol has long been considered insecure. Secure variants do exist, including one that leverages SSL/TLS (FTPS) and the SSH File Transfer Protocol (SFTP)….

In its advisory for the vulnerability — the bug currently does not have a CVE identifier — Mozilla described it as a “buffer overflow in depth pitch calculations for compressed textures.” The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro’s Zero Day Initiative (ZDI), apparently only impacts Firefox running on Windows —…

Google included a total of 32 security fixes in Chrome 81, which was finally promoted to the stable channel, after the current COVID-19 pandemic forced the Internet giant to delay stable releases and roll back some of the recently introduced protections in Chrome. Twenty-three of the patches fix vulnerabilities reported by external security researchers, including…

Consumers have few legal options for protecting privacy

There are no promises in the words, “We care about user privacy.” Yet, these words appear on privacy policy after privacy policy, serving as disingenuous banners to hide potentially invasive corporate practices, including clandestine data collection, sharing, and selling. This is no accident. It is a strategy. In the US, companies that break their own…

Tor Browser Patches Start Being Uplifted into Firefox

The Tor (The Onion Router) team and Mozilla are working together to implement Tor browser patches directly into Firefox and tighten their collaboration. The Tor browser is built almost entirely on Firefox, with 95% of its code coming from Mozilla’s browser. However, it still needs a series of changes, which the team refers to as…