Firefox

(get it in RSS or Atom)

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

moz-250

Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

chet-chat-logo-featured-250

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

chet-chat-logo-featured-250

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Monday review - the hot 27 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Hacking, spamming, rogue SMSes and browsers - 60 Sec Security [VIDEO]

60ss-video-250

The week's security news, turned into an entertaining lesson, turned into a 1-min video...

60 Sec Security, 26 July 2014

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

chet-chat-logo-featured-250

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises

fftb-250

Firefox 31 is out.

So is its updated conservative older brother, the Extended Support Release, now at 24.7.

And Firefox's email-oriented cousin Thunderbird gets updated, too.

Monday review - the hot 17 stories of the week

dow-250

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Firefox 29 is out - it's more secure, but does it *look* better, too?

ff-250

Firefox 29 is out, in accordance with Mozilla's regular Tuesday-based 42 day update cycle.

There are numerous security fixes combined with some rather in-your-face visual changes...

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

sscc-139-thumb-250

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

Firefox 28.0 takes on the PWN2OWN attacks already

ff-held-250

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

2014-03-15-pwned-250

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

PWN2OWN Day Two - Chrome and Safari join the losers

p2o-d2-250

Here are the PWN2OWN results from Day Two, and an overview of the final payouts.

Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....

PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing

p2o-250

PWN2OWN Day One results are in!

The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...

Firefox 27 is out - Tuesday's second non-Patch-Tuesday update

ff27-250

Even though yesterday wasn't a Patch Tuesday, we ended up with two major browser-related updates: an unscheduled Adobe Flash patch, and an expected one: the update from Firefox 26 to Firefox 27.

Paul Ducklin takes a quick look...

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000

unicorn-250

It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

Firefox 25.0.1 - the security update that wasn't?

fff-250

Firefox just pushed out a minor browser update, bumping its version number from 25.0 to 25.0.1.

Paul Ducklin saw Mozilla's advice that this was "a security and stability update", and went looking for the security fixes...

SSCC 122 - Facebook hoax, Microsoft 0-day, Android hole and Firefox going forward [PODCAST]

sscc-122-175-250

What a coincidence! A Facebook hoax claming that images can infect your computer...and then a Microsoft zero-day that uses images to infect your computer.

Chet and Duck talk you through the latest news...