Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Mozilla Firefox. Show all posts
Technology
Dark Web Monitoring Darkweb data security Mozilla Firefox Online Privacy Technology

Mozilla Firefox's Premium Dark Web Monitoring Solution

 

Mozilla, renowned for its commitment to an open and secure internet, has recently made a strategic foray into unexplored realms with the introduction of a subscription-based dark web monitoring service. This bold move signifies the organization's dedication to empowering users in the ongoing battle for online privacy, allowing them to take proactive measures to secure their personal information from the covert corners of the internet. 

The dark web, notorious for being a hub for stolen data and illicit activities, prompted Mozilla to take a pioneering stance by providing users with a tool to monitor their personal data on this clandestine platform. This new service enables users to keep a vigilant eye on the dark web, receiving real-time alerts if any traces of their personal information, from email addresses to passwords, are detected. It acts as a digital sentinel, offering a robust defense mechanism against potential cyber threats. 

Mozilla's approach to dark web monitoring is distinctive due to its unwavering commitment to user privacy. The service is designed to ensure that users' sensitive information remains shielded throughout the monitoring process, setting it apart from other solutions in the market. This emphasis on privacy aligns with Mozilla's longstanding dedication to user rights and transparency. 

While the concept of dark web monitoring isn't entirely new, Mozilla's entry adds an extra layer of trust and credibility to the landscape. Given its track record in advocating for user rights and a secure online environment, the organization brings a sense of reliability to this evolving sector. The subscription-based model not only makes the service accessible to a broader audience but also positions it as a valuable tool for individuals looking to proactively protect their digital identities without incurring exorbitant costs. 

However, as with any innovative move, there are critics raising questions about the broader responsibility of tech companies in ensuring user safety. Some argue that features like dark web monitoring should be inherent in basic services rather than being monetized as an additional layer of protection. In response, Mozilla asserts that the subscription fee is crucial for sustaining ongoing monitoring efforts and upholding the service's integrity. 

Mozilla's venture into dark web monitoring represents a significant step towards empowering users to navigate the intricate landscape of online security. As the digital realm continues to evolve, the importance of proactive measures to counter cyber threats becomes increasingly evident. Mozilla's privacy-centric service, though met with scepticism by some, has the potential to redefine how users approach safeguarding their personal data in the enigmatic realm of the dark web. It not only adds a layer of security but also reinforces Mozilla's commitment to creating a safer and more secure online experience for all users.
Read more »
Web browser
API Bug CVE Cyber Security GPU Mozilla Firefox Sandboxing Web browser

Patches for Firefox Updates in an Emergency Two Zero-Day Vulnerabilities 

 

Mozilla released an emergency security upgrade for Firefox over the weekend to address two zero-day flaws which have been exploited in attacks. The two security holes, identified as CVE-2022-26485 and CVE-2022-26486 graded "critical severity," are use-after-free issues detected and reported by security researchers using Qihoo 360 ATA. 

WebGPU is a web API that uses a machine's graphics processing unit to support multimedia on web pages (GPU). It is used for a variety of tasks, including gaming, video conferencing, and 3D modeling. 

Both zero-day flaws are "use-after-free" problems, in which a program attempts to use memory that has already been cleared. When threat actors take advantage of this type of flaw, it can cause the program to crash while also allowing commands to be executed without permission on the device.

According to Mozilla, "an unanticipated event in the WebGPU IPC infrastructure could escalate to a use-after-free and vulnerable sandbox escape." 

Mozilla has patched the following zero-day vulnerabilities: 

  • Use-after-free in XSLT parameter processing - CVE-2022-26485 During processing, removing an XSLT argument could have resulted in an exploitable use-after-free. There have been reports of cyberattacks in the wild taking advantage of this weakness. 
  • Use-after-free in the WebGPU IPC Framework - CVE-2022-26486 A use-after-free and exploit sandbox escape could be enabled by an unexpected event in the WebGPU IPC framework. There have been reports of attacks in the wild that take advantage of this weakness. 
Since these issues are of extreme concern and are being actively exploited, it is strongly advised to all Firefox users that they upgrade their browsers right away. By heading to the Firefox menu > Help > About Firefox, users can manually check for new updates. Firefox will then look for and install the most recent update, prompting you to restart your browser.
Read more »
Mozilla Firefox
Cyber Security Firefox Add-On malicious Mozilla Firefox

Malicious Add-Ons Blocked by Mozilla Firefox

 

The Mozilla Firefox team recently restricted add-ons that have been misusing the proxy API, preventing approximately 455,000 users from upgrading their browsers. 

Mozilla's development team members Rachel Tublitz and Stuart Colville claimed in a Monday post that they had found the rogue add-ons in early June. The add-ons were exploiting the proxy API, that is used by APIs to manage how Firefox connects to the internet. 

Add-ons are advanced software pieces that may be installed to Firefox or other programs to personalize the browser by performing things like limiting tracking, removing advertisements, downloading movies from websites, or translating information. 

However, from the other extreme, they may be malicious tiny creatures that install malware, such as the 28 Facebook, Vimeo, Instagram, as well as other add-ons discovered by experts last year in widely utilized Google and Microsoft browsers. The add-ons stole private data, seemed to have the capacity to activate more malware downloads, and altered links that victims clicked on to send them to phishing sites and advertisements. 

The Firefox team stated that the problematic Firefox add-ons discovered in June, dubbed Bypass and Bypass XM, were intercepting and redirecting users from downloading updates, accessing updated blocklists, and upgrading remotely set material. Mozilla has banned the rogue add-ons from being downloaded by more users. 

According to a blog post, Mozilla is now accepting new applications. The document also includes suggested parameters for Firefox add-on developers to assist accelerate add-on evaluation. 

Mozilla has also altered how well the browser handles key queries such as update requests. Beginning with Firefox 91.1, if an essential demand is performed through a proxy configuration that fails, Firefox will fall back on direct connections. 

“Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users,” the Firefox developers said. 

To prevent such fraudulent add-ons, the team had installed a system add-on called Proxy Failover (ID: proxy-failover@mozilla.com). System add-ons — a means to ship Firefox extensions – are hidden, cannot be disabled, and may be updated without restarting the browser. According to Mozilla, Proxy Failover is now available in both current and older Firefox versions. 

Anyone who isn't using the newest version and hasn't disabled updates should check to see if they've been impacted by the malicious add-ons, according to Mozilla. The very first step is to attempt an upgrade of Firefox: Recent versions have an upgraded blocklist that removes harmful add-ons automatically.
Read more »
Personal Data
Azure Credential Stuffing Credentials Leak Dark Web Data Breach Disney Mozilla Mozilla Firefox Personal Data

Mozilla: Maximum Breached Accounts had Superhero and Disney Princes Names as Passwords

 

The passwords that we make for our accounts are very similar to a house key used to lock the house. The password protects the online home (account) of personal information, thus possessing an extremely strong password is just like employing a superhero in a battle of heroes and villains. 

However, according to a new blog post by Mozilla, superhero-themed passwords are progressively popping up in data breaches. Though it may sound absurd - following the research done by Mozilla using the data from haveibeenpwned.com, it was evident that most frequent passwords discovered in data breaches were created on either the names of superheroes or Disney princesses. Such obvious passwords make it easier for hackers to attack and hijack any account or system. 

While analyzing the data it was seen that 368,397 breaches included Superman, 226,327 breaches included Batman, and 160,030 breaches had Spider-Man as their passwords. Further, thousands of breaches featured Wolverine and Ironman as well. And not only this research from 2019 showed that 192,023 breached included Jasmine and 49,763 breached included Aurora as their password.

There were 484,4765 breached that had password as ‘princess’ and some Disney + accounts had password as ‘Disney’. This is one of the biggest reasons that support data breaches by hackers and boost their confidence.

With the increasing frequency of compromised account credentials on the dark web, a growing number of businesses are turning to password-less solutions. Microsoft has expanded its password-less sign-in option from Azure Active Directory (AAD) commercial clients to use Microsoft accounts on Windows 10 and Windows 11 PCs. 

Almost all of Microsoft's employees are passwordless, according to Vasu Jakkal, corporate vice president of the Microsoft Security, Compliance, Identity, and Management group.

"We use Windows Hello and biometrics. Microsoft already has 200 million passwords fewer customers across consumer and enterprise," Jakkal said. "We are going completely passwordless for Microsoft accounts. So you don't need a password at all," he further added. 

Though it's common to reuse passwords, it is highly dangerous, yet it's all too frequently because it's simple and people aren't aware of the consequences. Credential stuffing exploits take advantage of repeated passwords by automating login attempts targeting systems utilizing well-known email addresses and password pairings. One must keep changing their passwords from time to time and try to create a strong yet not so obvious password.
Read more »
Total Cookie Protection
Cookies Firefox 86 Mozilla Firefox Technology Total Cookie Protection

Total Cookie Protection Launched in The New Upgrade of Firefox

 

Mozilla's latest Firefox 86 has been rolled -out for desktop, Mac, Windows, and Linux platforms. The browser upgrade brings features like multiple image mode and video replay, backward and forward buttons. Total Cookie Protection has been integrated into the Strict Enhanced Tracking Protection (ETP) platform, which has been revealed on Tuesday with the launch of Firefox 86. Complete cookie protections were referred to as 'huge advance' in containing cookies that are placed into new 'cookie jars' by websites. 

Cookies are text files containing tiny pieces of information by which the computer can be detected. While intended to enhance the viewing experience on the website, it could also be used, despite any permission, to track online activities. Google now plans to destroy third-party cookies as part of its Sandbox privacy project on its Chrome web browser, an effort that aims to allow personal ads while restricting data detection. 

Mozilla uses the 'cookie jar' example to explain the current blocker, whereby each third-party that drops a cookie in the browser has all the collected knowledge limited to its own cookie jar. This stops trackers from monitoring the activities from site to site. In its battle to protect the privacy of people while accessing the internet, Mozilla's Total Cookie Protection is the most recent maneuver. Total cookie protection adds up to current Firefox attempts to prevent websites and online publicity providers from making a profile of one’s web history through using internet cookies as well as other computer scripts. 

“Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website,” Mozilla wrote in a blog post. 

The company wants to silo off each because the cookie data is exchanged on the pages. Online advertisers can then understand what websites users want to access so that they can try and send relevant ads. 

“In combining Total Cookie Protection with last month’s super cookie protections, Firefox is now armed with very strong, comprehensive protection against cookie tracking,” the company said. 

The Total Cookie Protection also provides an exception for non-tracking cookie-related scripts such as third-party login or password plugins.

The potential solution should therefore help avoid the breakdown of a website. Mozilla has taken a page in the "first party isolation" of Tor browser to develop total cookie protection, which also requires cookies to be segregated into the website domain.
Read more »
Mozilla Firefox
Backspace Key Cyber Security Google Chrome Microsoft Mozilla Firefox

Mozilla Firefox Disabling Backspace Key to Prevent Data Loss

Mozilla Firefox is about to disable the browser's backspace key to help users avoid data loss. 

In 2014, Google Chrome and Microsoft Edge have already removed the ability to go back to a previous page by using the backspace key as there were possibilities of losing data entered into forms on the current page. Those who are using Google Chrome have to download an extension to use this again, whereas Microsoft Edge had offered a flag for its users to re-active it. In the same way, Mozilla Firefox is also offering its users the option to re-activate the backspace key if they wish to do so. 

"Would be useful to determine how commonly backspace is used as a "back" action shortcut, so we can figure out if we need to tweak the UX somehow to avoid accidental loss of form data due to mistyping the backspace key," Google Chrome developers stated in a 2014 bug post. 

According to the sources, seven years ago, Mozilla Firefox had set up the committee and reviewed the bug post: whether the backspace key should be disabled or not. Finally, the committee had decided not to change anything at that time. Around six years later, Mozilla finally came to the point where it has decided to remove the backspace key after realizing that except for Mozilla and Internet Explorer 11, no browsers support this keyboard shortcut. 

"To prevent user data loss when filling out forms, the Backspace key as a navigation shortcut for "Go back one page" is now disabled. To re-enable the Backspace keyboard shortcut, you can change the about: config preference browser.backspace_action to 0. You can also use the recommended Alt + Left arrow (Command + Left arrow on Mac) shortcut instead," Firefox Release Manager Pascal Chevrel added to the Firefox Nightly 86.0a1 release notes. 

According to TechDows, the first who reported about this change which is now available live on the Firefox browser for users to test and know. 
Further information is for those users who want to continue using the backspace key, you will be able to re-enable this key just follow these steps: 

1. Enter about: config in the Firefox address bar. 
2. Search for browser.backspace_action and change its value to '0'. 

Once the setting is configured, you will be able to use the backspace key to go back to the previous page in Mozilla Firefox.
Read more »
Mozilla Firefox
Bug Cyber Security Mozilla Firefox

Firefox expected to release a fix for their "Camera active after phone locks" bug this October


A bug in Mozilla Firefox enabled websites to keep the smartphone camera active even after leaving the browser or locking the phone. The company is working on fixing the bug and are planning to release the fix around October this year.


The bug was first reported by Appear TV, a video delivery platform last year in July. The bug activates when a user opens a video streaming app from their Mozilla Firefox browser in their Android smartphone.

It was first noticed by Appear TV when the video kept playing in the background even when it should have stopped that is the video kept playing in the background even when the user moved out of the browser or pushed it to the background or locked the phone. This raised concerns over user's privacy and bandwidth loss. "From our analysis, a website is allowed to retain access to your camera or microphone whilst you're using other apps, or even if the phone is locked," said a privacy app, Traced in talks with ZDNet. "While there are times you might want the microphone or video to keep working in the background, your camera should never record you when your phone is locked".

On Fixing the Issue

 "As is the case with dedicated conferencing apps, we provide a system notification that lets people know when a website within Firefox is accessing the camera or microphone, but recognize that we can do better, especially since this gets hidden when the screen is locked," a Mozilla spokesperson said in a statement.

"This bug [fix] aims to address this by defaulting to audio-only when the screen is locked," Mozilla added. "[The fix] is scheduled for release at the platform-level this October, and for consumers shortly after."

Mozilla has been working on a next-generation browser Firefox Nightly with more focus on privacy to replace their current browser for Android. The update is out for testing.

"Meanwhile, our next-generation browser for Android, now available for testing as Firefox Nightly, already has a prominent notification for when sites access this hardware as well," said Mozilla.
Read more »
Subscribe to: Posts (Atom)