Cloudflare teams up with big browsers to help websites tell welcome from unwelcome visitors
Makers of Chrome, Edge, Firefox back bot-fraud defense called Private Access Control Tokens
Stay informed on Firefox security updates, vulnerabilities, and privacy enhancements with the latest in information security news and expert analysis.
Search across headline titles and summaries.
Background for this topic.
Firefox is an open-source web browser developed by Mozilla. It executes untrusted web content using security boundaries such as the same-origin policy and sandboxing, while providing protections against deceptive sites, downloads, and unwanted tracking. Its extension system also allows third-party code to access browser data or modify pages, depending on the permissions granted.
For security teams, browser vulnerabilities matter because a malicious or compromised website can exploit flaws to achieve code execution, bypass isolation, or steal information; exploitation risk depends on the specific defect and the deployed configuration. Vulnerability management therefore includes monitoring Mozilla security advisories, testing and rapidly deploying updates, and using the Extended Support Release where its slower feature cadence suits managed environments. Administrators should control extensions, apply enterprise policies, and treat privacy settings and browsing data as part of endpoint security and incident investigation.
Weekly headline count for the current query.
Makers of Chrome, Edge, Firefox back bot-fraud defense called Private Access Control Tokens
I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?
I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?
Firefox maker says the tools are basic security infrastructure, not teenage contraband
Yet it remains unclear if Anthropic's uber model was effective, or if better model middleware is what makes the difference
Mozilla CTO says AI means developers finally have a chance to get on top of security The Mozilla has revealed it tested Anthropic’s bug-finding “Mythos” AI model and feels the results it experienced represent a watershed moment for software defenders.…
Now if only device makers would deliver higher quality components Thanks to Anthropic's AI and its bug-detecting abilities, Firefox users can now enjoy stronger security. Unfortunately, if browser crashes rather than security flaws are the problem, Claude probably can't help.…
PLUS: Firefox adds XSS protection; Leadership turnover at CISA; FTC exempts some data collection Infosec In Brief DNS vulnerabilities are being addressed 84 percent faster in the UK public sector thanks to an automated vulnerability scanning system established as part of a program kicked off early last year.…
Lucky few randomly selected to trial the feature, which won't fully roll out for several months Mozilla is working on a built-in VPN for Firefox, with beta tests opening to select users shortly.…
Devs told to exercise 'extreme caution' with emails disguised as account update prompts Mozilla is warning of an ongoing phishing campaign targeting developers of Firefox add-ons.…
The distro's greatest asset is arguably also its greatest weakness If you installed the Firefox, LibreWolf, or Zen web browsers from the Arch User Repository (AUR) in the last few days, delete them immediately and install fresh copies.…
Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.…
Root cert expiry may bring breakage or worse for add-ons, media playback, and more If you're running an outdated version of Firefox, update by Friday or risk broken add-ons, failing DRM-protected media playback, and other errors, due to an expiring root certificate.…
Few websites actually respect the option, says Mozilla When Firefox 135 is released in February, it'll ship with one less feature: Mozilla plans to remove the Do Not Track toggle from its Privacy and Security settings. …
Firefixed: It's maintenance time for low-complexity, high-impact security flaw It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.…
Can't reach someone's private server on localhost from outside? No problem A years-old security oversight has been addressed in basically all web browsers – Chromium-based browsers, including Microsoft Edge and Google Chrome, WebKit browsers like Apple's Safari, and Mozilla's Firefox.…
Users may have to upgrade twice to protect their browsers Mozilla has swiftly patched a pair of critical Firefox zero-days after a researcher debuted them at a Vancouver cybersec competition.…
Firefox maker promises to lean on personal info brokers to scrub records Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information.…
DOM-XSS attacks have become scarce on Google websites since TT debuted Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.…
Meanwhile NSO faces new lawsuit over Pegasus flying onto journalists' phones Google's Threat Analysis Group (TAG) said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software.…