Tag: Firefox

New Malware Harvests Saved Credentials on Firefox, Chrome

New Malware Harvests Saved Credentials on Firefox, Chrome

Researchers from Proofpoint recently uncovered a malware being used in a phishing campaign called Vega Stealer which is being used to steal credentials and financial data from Chrome and Firefox browsers. A variant of August Stealer, the new malware is said to have upgraded capabilities which includes a new network communication protocol and Firefox stealing functionality which nabs password and key files –  “key3.db” “key4.db”, “logins.json”, and “cookies.sqlite”. Vega Stealer also able to take screenshots, scan the infected computer and swipe .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf files. Source: ZDNet

Firefox Password System ‘Insufficiently Secured’ for Years

Firefox Password System ‘Insufficiently Secured’ for Years

Wladimir Palant, the author of the AdBlock Plus extension, recently revealed that the encryption scheme used by Firefox for years had relatively been unsecure and could easily be broken by brute force attacks. Palant said that Firefox’s and Thunderbird’s master password system, which has an SHA-1 function iteration count of 1, is a huge red flag since the industry standard is 10,000. Software engineer Justin Dolske had reported the same issue nine years ago right after the master password feature’s launch. However, Mozilla only responded to Palant’s report and said that the issue would be fixed in the new password […]

Mozilla to Delete Telemetry Data Collected via Firefox Crash Bug

Mozilla to Delete Telemetry Data Collected via Firefox Crash Bug

Last week, Mozilla announced that it will be deleting telemetry data which were inadvertently collected due to a flaw in Firefox’s crash reporter. It was found that these crash reports are not fully anonymized and include sensitive data that may identify the user. Mozilla engineers revealed that Firefox had been sending back crash data automatically since the release of version 52, way back in March 2017. They added that they had to delete all the data, even the ones from those who agreed to send back reports, since they could not distinguish the difference between the reports.   Users and […]

Safari Full of Security Bugs, According to Google Test

Safari Full of Security Bugs, According to Google Test

Google’s Project Zero team recently used a new security testing toolkit on 5 browsers and found Safari had the most number of flaws. Using Domato, a “fuzzer” that inputs random data into a software application to test for abnormalities, Google engineer Ivan Fratric found that Safari had the worst results out of the 5 browsers that included Chrome, Firefox, Internet Explorer, and Edge. Safari was found to have a total of 17 security bugs after being subjected to 100 million fuzz tests. The team then contacted each browser vendor and gave them a bug report and a copy of the […]

Mozilla Launches Three New Experimental Applications for User Review

Mozilla Launches Three New Experimental Applications for User Review

Developers at Mozilla have released three new exploratory features through its Test Pilot program, enabling users to check new applications through a specialized add on. Once a feature gets a good rating, it will be part of the Firefox core. The new applications are called Send, Voice Fill, and Notes. The platform also has other features like Pulse, Page Shot, SnoozeTabs, and Activity Stream. Send is a new file-sharing program that allows users to drag and share encrypted files. It gives a URL that can only be downloaded once before it is removed from the system. Voice Fill is the […]