Firefox

(get it in RSS or Atom)

SSCC 198 - "Fusking"? Did I hear that correctly? [PODCAST]

A week of many patches, Lenovo in the news again, an anti-forensic tool with a misleading name, and the rudely-named "sport" of Fusking.

Listen to our latest straight-talking security podcast...

SSCC 193 - Pick a YouTube security token, any token! [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest computer security stories in their inimitable style.

Turn news into advice with the Sophos Security Chet Chat!

Firefox issues brand new update to fix HTTPS security hole in new update

ff-hhtp2-500

Firefox 37.0 added support for a security-enhancing feature in HTTP/2 known as Alternative Services.

Unfortunately, the new feature had a rather bad HTTPS security hole all of its own...

"Pwn2Own" competition pops Flash, Reader and four browsers, pays out over $550K [POLL]

Pwn2Own has become something of an institution on the North American computer security conference circuit.

Come and vote in our poll to tell us what you think of security contests like this...

Firefox to get a "walled garden" for browser extensions, Mozilla to be sole arbiter

Mozilla has announced that its Firefox browser is heading towards signed browser extensions only.

Even if you publish your extensions "off market," you'll have to get Mozilla to sign them first.

Update Tuesday wrap-up, January 2015 - See? We didn't use the word "Patch"!

Like fingers and thumbs, not all updates are patches, even if all patches are updates.

So, here's the skinny on Update Tuesday...including the security patches, of course.

Firefox turns 10 - celebrates by helping you to forget

The Firefox browser just turned 10.

Paul Ducklin takes a trip down memory lane...

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

moz-250

Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Monday review - the hot 27 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Hacking, spamming, rogue SMSes and browsers - 60 Sec Security [VIDEO]

The week's security news, turned into an entertaining lesson, turned into a 1-min video...

60 Sec Security, 26 July 2014

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises

fftb-250

Firefox 31 is out.

So is its updated conservative older brother, the Extended Support Release, now at 24.7.

And Firefox's email-oriented cousin Thunderbird gets updated, too.

Monday review - the hot 17 stories of the week

dow-250

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Firefox 29 is out - it's more secure, but does it *look* better, too?

ff-250

Firefox 29 is out, in accordance with Mozilla's regular Tuesday-based 42 day update cycle.

There are numerous security fixes combined with some rather in-your-face visual changes...

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

sscc-139-thumb-250

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

Firefox 28.0 takes on the PWN2OWN attacks already

ff-held-250

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...