Mozilla

(get it in RSS or Atom)

Firefox 28.0 takes on the PWN2OWN attacks already

ff-held-250

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

2014-03-15-pwned-250

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

PWN2OWN Day Two - Chrome and Safari join the losers

p2o-d2-250

Here are the PWN2OWN results from Day Two, and an overview of the final payouts.

Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....

PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing

p2o-250

PWN2OWN Day One results are in!

The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...

Firefox 24 available now! 17 fixes, 7 critical

Firefox250

The Mozilla Foundation released Firefox, Thunderbird and SeaMonkey version 24.0, fixing 17 vulnerabilities.

Monday review - the hot 24 stories of the week

Monday review

In case you missed any recent stories, here's everything we wrote in the last seven days.

SSCC 106 - US DoD and BYOD, "scanner" malware, 2FA, and browser wars revisited [PODCAST]

sscc-106-250

For your listening pleasure, here's the latest episode in our popular "Chet Chat" series.

Senior Security Advisor Chester Wisniewski discusses the latest security news with regular guest Paul Ducklin in an entertaining and easily-digested quarter-hour podcast.

Google announces brand new web browser core, so does Mozilla

When you wait ages for a bus, and then three come along at once, it's not a coincidence: it's a side-effect of queuing and traffic lights.

But what about when three browser vendors make announcements on the same day?

Apple and Mozilla - 'Just say no to Java'

New security hole found in multiple Java versions

After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin Apple and Mozilla are now disabling Java by default until fixes are made available.

Firefox 18 brings TURKTRUST update, Retina support, faster JavaScript - oh, and 20 other security fixes

Firefox 18 has landed: 2917 bugs patched, 21 security fixes, 12 critical.

Also with a brand-new JavaScript compiler and support for Retina displays on the groovier sorts of Mac.

Firefox 17 arrives - 2365 bugs zapped, OS X Leopard left behind

Firefox 17 arrives - 2365 bugs zapped, OS X Leopard left behind

Firefox 17.0 is out.

The new version fixes an officially-listed 2365 bugs and covers six critical advisories. It also drops support for OS X Leopard and earlier.

Firefox 17 protects your privacy while enhancing the Facebook experience

Firefox 17 protects your privacy while enhancing the Facebook experience

The latest beta release of Mozilla's popular Firefox browser has introduced a new social media API. Can a web browser make it easier to use social media while protecing your privacy? Mozilla hopes so.

Firefox 15 released: Seven critical vulnerabilities patched and stealthy updates too!

Firefox 15 released: Seven critical vulnerabilities patched and stealthy updates too!

The latest version of the Firefox browser fixes a critical security hole Naked Security reported on in June, and makes the browser’s silent update feature even stealthier.

Anatomy of a bug: latest Firefox 'new tab' feature thumbnails HTTPS pages

Anatomy of a bug: Firefox 'new tab' feature thumbnails HTTPS pages

The latest release of Firefox has been called "unlucky version 13" because it creates web page thumbnails even of secure content, sparking privacy fears.

But is this really a bug? And if so, do any of the "fixes" circulating online actually work? Paul Ducklin finds out.

PayPal starts bounty program for security bugs

PayPal starts bounty program for security bugs

If you've found a security issue with PayPal, you could receive a monetary reward for informing the firm responsibly.

Firefox to introduce click-to-play option to protect against dangerous plugins

Firefox to introduce click-to-play option to protect against dangerous plugins

Mozilla developer Jared Wein is introducing a new security feature to Firefox 14 called click-to-play. Plugins will not load automatically when visiting websites using things like Flash and Java requiring the user to click before the content is loaded. This could prevent many common drive-by attacks on the web.

Privacy concerns over popular ShowIP Firefox add-on

Privacy concerns over ShowIP Firefox add-on

A popular Firefox add-on appears to have started leaking private information about every website that users visit, including sensitive data which could identify individuals or reduce their security to a third-party server.

Another certificate authority issues dangerous certficates

iStock_VoidStamp250

Mozilla has revoked the signing privileges of another certificate authority for issuing weak and incomplete SSL/TLS certificates.

Firefox 7 security fixes, http vs https and data collection

Firefox 7

Mozilla has released Firefox 7, the latest incarnation of their popular web browser.

Recently Firefox has been getting through new version numbers faster than a fat man chasing a ice cream van.

Firefox 6.0.2 fixes yet more DigiNotar certificate fallout

msfa35-square

Firefox 6.0.2 has just come out, blocking even more browser certificates than Firefox 6.0.1, in yet more fallout from the mess caused by disgraced Dutch web security company DigiNotar.