Mozilla

Mozilla Thunderbird email client stored OpenPGP keys in clear text

The researcher found that for several months Mozilla Thunderbird saved some users’ OpenPGP keys in plain text format. or example, Thunderbird users recently realized that when they open a program, they can view emails encrypted by OpenPGP without entering their master passwords. Such messages in Thunderbird should only be viewable after authentication. The vulnerability has been identified as CVE-2021-29956 and has a low severity level. The bug affected the mail client of all versions between 78.8.1 and 78.10.1. It allowed a local attacker to see imported OpenPGP keys stored on users’ devices without encryption. Thus, an attacker could view and copy someone else’s keys and then impersonate the sender of the protected emails. Thunderbird maintainer Kai Engert admits that this …

Mozilla Thunderbird email client stored OpenPGP keys in clear text Read More »

Mozilla Thunderbird and OpenPGP

Mozilla Drops FTP Support Permanently with Firefox 88 Release

Last year, we talked about the fact that the Mozilla developers are dropping support for FTP, recognizing it as an insecure protocol. hus, users will no longer be able to upload files via FTP, as well as view the contents of FTP links and folders in the browser. The refuse from FTP had to be postponed due to the coronavirus pandemic, and so did the Google developers, who even managed to disable FTP in their browser, but then temporarily turned on support for the protocol back. Google developers have been talking about ditching FTP since 2014, as very few browser users (0.1-0.2%) use the protocol. In 2018, the company first announced plans to officially move away from FTP, and Google …

Mozilla Drops FTP Support Permanently with Firefox 88 Release Read More »

Mozilla Drops FTP Support

Apple, Google, Microsoft and Mozilla block MitM certificate of the Kazakhstan government

In early December, Kazakhstan authorities for the third time attempted to intercept all traffic of the users, including secure HTTPS connections. However, Apple, Google, Microsoft and Mozilla responded by blocking the MitM certificate of the Kazakhstan government. et me remind you that these attempts began back in 2015, when the government first announced the introduction of a “national security certificate”. It was supposed that users would be obliged to download and install a government certificate on all devices through which all protected traffic, including from foreign websites, would pass. Moreover, it was assumed that not only all HTTPS traffic, but also other TLS connections will be decrypted. In 2015, the attempt was unsuccessful, but in 2019, the country’s government returned …

Apple, Google, Microsoft and Mozilla block MitM certificate of the Kazakhstan government Read More »

MitM certificate of the Kazakhstan

Mozilla completely stops development of Firefox Send and Firefox Notes

This summer, I talked about how ZDNet journalists drew attention of Mozilla engineers to numerous abuses of the Firefox Send service, which was actively used to spread malware. As a result, Mozilla has stopped development of Firefox Send indefinitely, but the developers have promised to rework it and improve security. et me remind you that Firefox Send was launched in March 2019. The service was a private file hosting service that allowed Firefox users to share files. “All files uploaded and transferred via Firefox Send were encrypted, and users could set the age for which files were stored on the server, and also set the number of downloads allowed before the expiration date”, – said the developers. Although Mozilla engineers …

Mozilla completely stops development of Firefox Send and Firefox Notes Read More »

Mozilla stops Firefox Send

Mozilla Downsizing Affects Security Professionals

Earlier this week, Mozilla fired 250 employees, and another 60 employees moved to other teams. The media reports that Mozilla’s downsizing has seriously affected security professionals. ozilla head and Mozilla Foundation CEO Mitchell Baker said the organization is forced to rethink its plans and adapt to the new realities that have changed greatly after COVID-19, and in various ways to strengthen its financial position. Given that Mozilla had approximately 1,000 employees, and the organization had already laid off 70 employees earlier this year, Mozilla lost a third of its workforce in 2020. “In the near future, Mozilla will rethink its business model and focus on financially viable products”, – said Mitchell Baker. It should be noted that previously about 90% …

Mozilla Downsizing Affects Security Professionals Read More »

Mozilla downsizing security professionals

Mozilla suspended Firefox Send service due to abuse and malware

Journalists from ZDNet drew attention of Mozilla engineers to numerous abuses of the Firefox Send service, which was actively used to distribute the malware. Mozilla temporarily suspended the Firefox Send service (for the time of investigation), and the developers promise to improve it and add a “Report Abuse” button. irefox Send was launched in March 2019. The service is a private file hosting service and allows Firefox users to share files. All files downloaded and transferred via Firefox Send are stored in encrypted form, and users can set the retention period for files on the server, as well as set the permissible number of downloads before this “expiration date” expires. The service was available to all users at send.firefox.com. “Although …

Mozilla suspended Firefox Send service due to abuse and malware Read More »

Mozilla Suspended Firefox Send

Firefox Refuses to Support FTP Protocol

ZDNet reports that Mozilla developers consider FTP to be an insecure protocol and will soon refuse to support it in Firefox. herefore, users will no longer be able to upload files via FTP, and may not be able to view the contents of FTP links and folders in a browser. “We do this for security reasons. FTP is an insecure protocol, and there is no reason to choose it to download resources instead of HTTPS. Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past», — said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser. …

Firefox Refuses to Support FTP Protocol Read More »

Firefox Refuses to Support FTP
Scroll to Top