Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published
Mozilla develops Firefox and related internet technologies, with vulnerability disclosures and security updates relevant to browser security and safety.
Search across headline titles and summaries.
Background for this topic.
Mozilla is an open-source software organization best known for developing Firefox and related internet technologies. Its security relevance centers on software that parses untrusted web content: browsers expose users to malicious sites, crafted documents, extensions, and vulnerable dependencies, so flaws in rendering, JavaScript, networking, or privilege boundaries can have serious consequences.
Mozilla publishes security advisories for Firefox and maintains release channels including Extended Support Release (ESR), providing data for vulnerability and patch management. High-severity bugs may enable code execution, sandbox escape, credential theft, or privacy exposure, although severity alone does not prove exploitation. Practitioners should track advisories and affected versions, prioritize updates, restrict untrusted extensions, and apply enterprise policies where appropriate. Firefox privacy controls, including tracking protection and anti-fingerprinting features, reduce some collection and profiling but do not replace endpoint hardening or secure identity practices.
Weekly headline count for the current query.
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published
Firefox maker says the tools are basic security infrastructure, not teenage contraband
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
Yet it remains unclear if Anthropic's uber model was effective, or if better model middleware is what makes the difference
Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal HitThis week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.
Mozilla CTO says AI means developers finally have a chance to get on top of security The Mozilla has revealed it tested Anthropic’s bug-finding “Mythos” AI model and feels the results it experienced represent a watershed moment for software defenders.…
Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. [...]
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features
In response to user feedback on AI integration, Mozilla announced today that the next Firefox release will let users disable AI features entirely or manage them individually. [...]
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud
In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.
Mozilla announced a major privacy upgrade in Firefox 145 that reduces even more the number of users vulnerable to digital fingerprinting. [...]
Esra'a Al Shafei spoke with The Reg about the spy tech 'global trade' interview Digital rights activist Esra'a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she's made it her mission to surveil the companies providing surveillanceware, their customers, and their funders.…
PLUS: Judge spanks NSO; Mozilla requires data use disclosures; TARmageddon meets Rust; And more! Infosec In Brief Former basketball star Shaquille O'Neal is 7'1" (215 cm), and therefore uses car customization companies to modify vehicles to fit his frame. But it appears cybercriminals have targeted Shaq’s preferred motor-modder.…
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. [...]
Lucky few randomly selected to trial the feature, which won't fully roll out for several months Mozilla is working on a built-in VPN for Firefox, with beta tests opening to select users shortly.…
Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues. [...]
A recent ruling from Germany's Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country. [...]