Firefox

Mozilla Drops FTP Support Permanently with Firefox 88 Release

Last year, we talked about the fact that the Mozilla developers are dropping support for FTP, recognizing it as an insecure protocol. hus, users will no longer be able to upload files via FTP, as well as view the contents of FTP links and folders in the browser. The refuse from FTP had to be postponed due to the coronavirus pandemic, and so did the Google developers, who even managed to disable FTP in their browser, but then temporarily turned on support for the protocol back. Google developers have been talking about ditching FTP since 2014, as very few browser users (0.1-0.2%) use the protocol. In 2018, the company first announced plans to officially move away from FTP, and Google …

Mozilla Drops FTP Support Permanently with Firefox 88 Release Read More »

Mozilla Drops FTP Support

Google says that a quarter of all 0-day vulnerabilities are new variations of old problems

Google analysts studied the 0-day vulnerabilities they discovered in 2020, and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches. he authors of the report write that many problems could have been avoided if the developers immediately corrected their products more thoroughly. In 2020, thanks to the work of the Google Project Zero team, were identified 24 zero-day vulnerabilities, which were actively exploited by hackers. Six of them (in Chrome, Firefox, Internet Explorer, Safari and Windows) turned out to be new versions of previously known vulnerabilities. Supposedly, attackers carefully studied the old bug reports, figured out the original problems, and then created new versions of exploits for them. In …

Google says that a quarter of all 0-day vulnerabilities are new variations of old problems Read More »

Google on 0-day vulnerabilities

Mozilla completely stops development of Firefox Send and Firefox Notes

This summer, I talked about how ZDNet journalists drew attention of Mozilla engineers to numerous abuses of the Firefox Send service, which was actively used to spread malware. As a result, Mozilla has stopped development of Firefox Send indefinitely, but the developers have promised to rework it and improve security. et me remind you that Firefox Send was launched in March 2019. The service was a private file hosting service that allowed Firefox users to share files. “All files uploaded and transferred via Firefox Send were encrypted, and users could set the age for which files were stored on the server, and also set the number of downloads allowed before the expiration date”, – said the developers. Although Mozilla engineers …

Mozilla completely stops development of Firefox Send and Firefox Notes Read More »

Mozilla stops Firefox Send

Mozilla Downsizing Affects Security Professionals

Earlier this week, Mozilla fired 250 employees, and another 60 employees moved to other teams. The media reports that Mozilla’s downsizing has seriously affected security professionals. ozilla head and Mozilla Foundation CEO Mitchell Baker said the organization is forced to rethink its plans and adapt to the new realities that have changed greatly after COVID-19, and in various ways to strengthen its financial position. Given that Mozilla had approximately 1,000 employees, and the organization had already laid off 70 employees earlier this year, Mozilla lost a third of its workforce in 2020. “In the near future, Mozilla will rethink its business model and focus on financially viable products”, – said Mitchell Baker. It should be noted that previously about 90% …

Mozilla Downsizing Affects Security Professionals Read More »

Mozilla downsizing security professionals

HIBP (Have I Been Pwned?) leak aggregator opens the source code

Founder of Have I Been Pwned? (HIBP) Troy Hunt announced that after a series of unsuccessful attempts to sell the project, about which he talked this spring, he decided to open the source code. et I remind you that HIBP, founded in 2013, is a service for verifying credentials for compromise. Collecting information about various data breaches, Troy Hunt created a unique database, the services and API of which are currently used by many sites and software (including Firefox and LastPass) to promptly notify their customers of a possible compromise. Hunt writes that over the years, he has invested a lot of effort, time, and resources into the project, but he can no longer continue to develop HIBP on his …

HIBP (Have I Been Pwned?) leak aggregator opens the source code Read More »

HIBP opens source code

Google: 11 0-day vulnerabilities identified in the first half of 2020

Google Project Zero experts estimate that 11 0-day vulnerabilities, actively exploited by hackers, were identified in the first half of 2020. he current number of 0-day problems indicates that, most likely, that overall this year will be identified the same number of zero-day vulnerabilities, as in 2019 (20). The link above leads to the company’s internal statistics, which Google specialists collected and tracked since 2014. So, for the first half of 2020, experts included the following problems in their list. 1. Firefox (CVE-2019-17026) The bug that received the identifier CVE-2019-17026 was discovered by experts from the Chinese company Qihoo 360, and it was associated with the work of IonMonkey – the JavaScript JIT compiler SpiderMonkey, the main component of the …

Google: 11 0-day vulnerabilities identified in the first half of 2020 Read More »

11 0-day vulnerabilities identified

Mozilla suspended Firefox Send service due to abuse and malware

Journalists from ZDNet drew attention of Mozilla engineers to numerous abuses of the Firefox Send service, which was actively used to distribute the malware. Mozilla temporarily suspended the Firefox Send service (for the time of investigation), and the developers promise to improve it and add a “Report Abuse” button. irefox Send was launched in March 2019. The service is a private file hosting service and allows Firefox users to share files. All files downloaded and transferred via Firefox Send are stored in encrypted form, and users can set the retention period for files on the server, as well as set the permissible number of downloads before this “expiration date” expires. The service was available to all users at send.firefox.com. “Although …

Mozilla suspended Firefox Send service due to abuse and malware Read More »

Mozilla Suspended Firefox Send

Firefox Refuses to Support FTP Protocol

ZDNet reports that Mozilla developers consider FTP to be an insecure protocol and will soon refuse to support it in Firefox. herefore, users will no longer be able to upload files via FTP, and may not be able to view the contents of FTP links and folders in a browser. “We do this for security reasons. FTP is an insecure protocol, and there is no reason to choose it to download resources instead of HTTPS. Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past», — said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser. …

Firefox Refuses to Support FTP Protocol Read More »

Firefox Refuses to Support FTP
Scroll to Top