Mozilla Patches Two Zero-Day Vulnerabilities in Firefox Used to Install Backdoors on Macs, Update Now

Mozilla has patched two zero-day security vulnerabilities in Firefox that allowed backdoors to be installed on Macs, bypassing Apple's usual XProtect and Gatekeeper protections. Firefox users should update the browser immediately.


Ars Technica's Dan Goodin:
"Mozilla released an update on Tuesday that fixed a code-execution vulnerability in a JavaScript programming method known as Array.pop. On Thursday, Mozilla issued a second patch fixing a privilege-escalation flaw that allowed code to break out of a security sandbox that Firefox uses to prevent untrusted content from interacting with sensitive parts of a computer operating system.
"The zero-days were exploited by unnamed hackers this week, but so far, attacks are known only to have targeted Mac users involved in cryptocurrency."


As noted by Mac security expert Patrick Wardle, XProtect and Gatekeeper provided no protection in this case, as they only scan applications that have a quarantine flag set. Fortunately, this may change in macOS Catalina.

Firefox users on Mac should update the web browser to version 67.0.4 as soon as possible to keep themselves protected.

More details can be read at Ars Technica.


This article, "Mozilla Patches Two Zero-Day Vulnerabilities in Firefox Used to Install Backdoors on Macs, Update Now" first appeared on MacRumors.com


Mozilla Says Paid Version of Firefox With Premium Features Coming Later This Year

The Mozilla Foundation is working on a premium version of its Firefox browser, according to a new report. German media site T3N ran an interview with Chris Beard, CEO of Firefox, who appeared to confirm that a paid tier of the browser could be ready to launch by October this year.

According to Beard, the premium version of Firefox is likely to include a VPN, secure cloud storage, and other subscription services such as paywalled content access.
"We will probably launch some new services first and then we will think carefully about which model makes the most sense while ensuring the best user safety," said Beard. "Firefox and many security features and services, like ETP [Enhanced Tracking Protection], will still be free, that's for sure."
Mozilla has been experimenting with offering ProtonVPN to some Firefox users for a $10 per month subscription, but Beard says the company is now considering offering some amount of free VPN bandwidth to non-paying users, and a premium metered VPN service as a monthly subscription.

Mozilla currently earns its money through read-it-later and content discovery service Pocket, which it owns, but the majority of its revenue comes from the search engines used in its free browser.

After Beard's interview was published, The Next Web received a statement from Dave Camp, senior vice president of Firefox, who confirmed that paid products are actively in development:
"We were founded on the belief that the internet should be open and accessible to all. A high-performing, free and private-by-default Firefox browser will continue to be central to our core service offerings. We also recognize that there are consumers who want access to premium offerings, and we can serve those users too without compromising the development and reach of the existing products and services that Firefox users know and love."
There's no word as yet on pricing for the upcoming paid version of Firefox, the standard version of which relaunched last year powered by a new Quantum engine and including several privacy-focused features.


In perhaps a hint at its planned new product launches, Mozilla on Tuesday unveiled a family of new Firefox logos, designed to give a unified identity to its broadening suite of products and services that become accessible to users who open a Firefox account. For example, Lockwise is a secure password manager, and Monitor notifies users if their email has been part of a known data breach.


This article, "Mozilla Says Paid Version of Firefox With Premium Features Coming Later This Year" first appeared on MacRumors.com


Firefox 62 for Mac Makes Browser Mojave-Ready With New Automatic Dark Theme

Mozilla today launched the Firefox 62 web browser for macOS, bringing variable fonts support and a new automatic dark theme to Mac desktops.

By introducing a dark theme to the browser, Mozilla is following up the one it added to its mobile counterpart last month, the only difference being that the desktop version comes with intelligent support for the new native Dark Mode featured in macOS 10.14 Mojave.


What that means is Firefox automatically switches to the twilight theme whenever the macOS Dark Mode is active, making for a more uniform desktop application interface without requiring action on the user's part.

Meanwhile, support for variable fonts makes it possible for web designers to create typography using a single font file, rather than generating several files for variations of the same font.

Also listed in this release's changelog: Firefox Home (default new tabs) can now display up to four rows of top sites, Pocket stories, and highlights, while a "Reopen in Container" tab menu option appears for users with Containers that lets them choose to reopen a tab in a different container.

Lastly, disconnecting from the desktop version of Firefox Sync prompts the browser to ask if you want to wipe your Firefox profile, including passwords, history, cookies, and web data.

Firefox now has 300 million active users, according to Mozilla's weekly user activity report. If you're already a Firefox user, you should receive an automatic upgrade after restarting the browser. For everyone else, Firefox 62 is available for macOS as a free download directly from the Mozilla website.


Firefox Test Pilot Program Expands to Mobile With ‘Firefox Lockbox’ Password Storage iOS App

Mozilla's Firefox Test Pilot program allows users to test out experimental features and provide feedback that goes toward improving the service, and today the company is expanding the program to include two mobile apps. The first is an iOS app called Firefox Lockbox and it enables you to access your saved passwords within the app so that you can easily sign into various other apps on your iPhone.


The password management app syncs with existing Firefox accounts and imports the passwords you've already saved in the Firefox browser. You can then browse a list of all your passwords, copy the one you need, navigate to another app, and paste it into the log-in field. The company says the app is secured by 256-bit encryption and supports unlocking via Touch ID and Face ID.

Since Firefox Lockbox requires you to sync existing passwords from the browser, it'll only be useful for those users who regularly use Firefox to browse online and store their log-in information.
"With Firefox Lockbox, iOS users will be able to seamlessly access Firefox saved passwords. This means you can use any password you’ve saved in the browser to log into any online account like your Twitter or Instagram app. No need to open a web page. It’s that seamless and simple. Plus, you can also use Face ID and Fingerprint touch to unlock the app, so you can safely access your accounts."
Notes by Firefox is the second Test Pilot app, and is built for Android users so that they can take and store notes across desktop and mobile devices. Any note written in the Firefox browser can then be synced to the new mobile app, and vice versa.


For those interested in testing out the apps, you will need a Firefox account and Firefox Sync to gain full functionality of each of the apps' features. Otherwise, the company explains that the Test Pilot program is open to all Firefox users to try out, and the Firefox Lockbox app is available on the iOS App Store for free starting today.


Firefox to Get New Security Tool With ‘Have I Been Pwned’ Email Database Integration

Mozilla has announced a new security tool for users of its Firefox web browser. Called Firefox Monitor, the website lets visitors check if their accounts have been included in known data breaches and the types of data exposed in each breach.

The security tool is the result of a partnership between Mozilla and HaveIBeenPwned.com (HIBP), a site set up by security researcher Troy Hunt that includes a database of email addresses that are known to have been compromised in data breaches.

Thanks to the partnership, Firefox is able to check email addresses against the HIBP database via a method of anonymized data sharing (full details can be found in Troy Hunt's blog post). The new tool builds on Firefox's existing HIBP integration, which tells users if a site they are visiting was previously exposed in a data breach.


In February, password management app 1Password announced its own partnership with HIBP, which lets users check that their passwords haven't been leaked online. Since that time, developer AgileBits has built the Pwned Passwords database list into its 1Password desktop apps. As of today, users can also search HIBP from directly within 1Password via the Watchtower feature in the web version of the product.

Mozilla says it will begin trialling the new integration between HIBP and Firefox to make breach data searchable over the coming weeks.

Firefox Quantum is available for macOS as a free download directly from the Mozilla website.



Mozilla Releases Firefox 58 for Mac With Performance Optimizations

Mozilla today announced the launch of Firefox 58, building upon the new "Quantum" features that were introduced in Firefox 57 back in November.

Firefox 57 introduced a redesigned interface, new UI features, speeds twice as fast as Firefox 52, and an engine that uses 30 percent less memory than Google Chrome, and Mozilla is continuing to introduce additional improvements in Firefox 58.

Firefox 58 includes updates to Gecko, Firefox's rendering engine, which are designed to streamline and speed up the browsing experience. Specific new additions include background tab throttling, a WebAssembly Streaming Compiler, and Off-Main-Thread Painting (OMTP) for a "significantly better" rendering process, with full details on the speed improvements available on the Firefox blog.

Improvements have also been made to the way CSS fonts are displayed for shorter loading times, there's a new Promise feature to reduce redundant code, and functional and privacy improvements have been made to Firefox Screenshots. Full release notes for the update are available from the Firefox website.
"With this release, we're building on the great foundation provided by our all-new Firefox Quantum browser. We're optimizing the performance gains we released in 57 by improving the way we render graphics and cache JavaScript. We also made functional and privacy improvements to Firefox Screenshots. On Firefox for Android, we've added support for Progressive Web Apps (PWAs) so you can add websites to your home screen and use them like native apps."
Existing Firefox users will be able to upgrade to Firefox 58 automatically by restarting the browser. Non-Firefox users can download Firefox 58 for macOS for free from the Mozilla website.


Mozilla Releases Firefox 57 ‘Quantum’ Web Browser

Mozilla on Tuesday officially announced Firefox 57, the new "Quantum" version of its flagship desktop web browser for Mac, Linux, and Windows. Aside from a redesigned interface and a slew of new UI features, Mozilla says Quantum offers speeds twice as fast as Firefox 52 and a new engine that uses 30 percent less memory than Google Chrome.


The performance advantages are said to be down to Firefox's "just right" multi-process architecture, which uses separate processes to run its user interface and tabbed web page content. These additional processes are able to run across multiple CPU cores, making it much less likely for open web pages to negatively impact each other or the performance of the web browser in general.

While both Firefox and Chrome now run using multiple processes, Mozilla claims to have done things differently to avoid using up precious working memory. Chrome creates a separate content process for each open tab, and each tab typically consumes hundreds of megabytes of RAM, which has earned the browser a reputation as a resource hog.


Where Quantum differs, claims Mozilla, is in its more conservative approach to using multiple processes. By default, Firefox now creates up to four separate processes for web page content, so the first four tabs each use those four processes, and additional tabs run using threads within those processes. This leads to multiple tabs within a process sharing the browser engine that already exists in memory, instead of each one creating its own.


In addition to the under-the-hood improvements, the redesigned "Photon" user interface offers a less cluttered, more minimalist environment for browsing the web and aims to look better on modern high DPI displays. It also adds several new features including a built-in tool to take screenshots, and a new library for putting things like browsing history, bookmarks, Pocket lists, and synced tabs in one convenient place.

Firefox 57 also includes support for WebVR, which enables websites to take full advantage of VR headsets like the HTC Vive, while Mozilla's Pocket service is now more integrated in the browser and displays trending articles on the new tab page. Last but not least, a new feature called Tracking Protection blocks extensive requests for online user tracking. It works by default in the Private browsing window and Mozilla reckons it reduces the average page loading time by around 44 percent.


With all the changes, Firefox has had to lose support for many existing extensions written in XUL. Firefox Quantum only supports WebExtensions, which have more limitations, similar to Chrome extensions. Existing users can check the status of their extensions by navigating to Menu -> Add-Ons. Compatible ones are shown under "Extensions", while deactivated browser extensions appear under "Legacy Extensions" alongside an option to find the closest equivalent replacement available.

If you're already a Firefox user, you should receive an automatic upgrade to Quantum after restarting the browser. For everyone else, Firefox Quantum is available for macOS as a free download directly from the Mozilla website.



Firefox Updated With Screenshot Feature, Cross-Platform Tab Delivery, and Form Autofilling

Earlier this week Firefox announced its upcoming "Quantum" browser that will bring twice the internet browsing speeds when it launches on November 14. Ahead of that major update, the company is now releasing a few minor additions to Firefox on desktop that will let you save screenshots, share content more easily between your computer and smartphone, and more.

Screenshots allow you to capture any area within the Firefox browser without needing to download new software. After tapping a "Screenshot" button, Firefox presents a new interface where you can customize the specific part of the page you want to take a shot of, or let Firefox automatically detect the area you want, and then click save.


You can save the screenshot to the web and generate a URL for easy sharing, or download the file to your computer. Firefox will also keep track of all the screenshots in a new "My Shots" folder, saving images automatically for two weeks.

"Send Tabs" allows you to two-finger click on a tab open on Mac and select "Send tab to..." and choose between synced iPhone and iPad devices, which will then have the same tab ready for you in the mobile Firefox app. The same function can be repeated in reverse, and is supported by PCs and Android smartphones as well. Firefox also ensured that Send Tabs is encrypted end-to-end, so "even Mozilla can't decrypt it."


The last new feature is coming to the United States first and aims to make filling out address forms easier, allowing you to complete online forms on shopping sites and relief organizations through a dropdown menu.

After you fill out the relevant information once on Firefox, the browser will ask to automatically save the field information to "Saved Addresses," which will then resurface when another website asks for similar data. You can save multiple addresses, which Firefox said should be useful for information like where you work, your home, and addresses of family members when you send gifts.

These updates are available in the latest version of Firefox, which you can download now from the Firefox website.


Firefox Announces New ‘Quantum’ Browser With 2X Faster Speeds, Coming November 14

Firefox today announced that the latest version of its web browsing software -- which it's calling "Firefox Quantum" instead of "Firefox 57" -- will be available as an update for users beginning November 14, with a beta of the browser hitting iOS, Android, and desktop today.


The company said that the biggest advantage of Quantum is its speed, which is twice as fast as Firefox 52 when measured using Speedometer 2.0, a benchmark that simulates modern web applications. Firefox said that Quantum takes advantage of multiple CPU cores offered by today's desktop and mobile devices, instead of running on just one core, resulting in a "dramatically faster" web browser.

The company updated a few other features so that Quantum runs smoothly, including making sure that the tab open on the browser downloads and runs prior to other tabs in the background. When compared to Chrome -- which Firefox directly compared itself to in a new video -- Quantum is said to be faster than Google's browser, "while consuming roughly 30 percent less RAM."


The user experience of Quantum has also been overhauled and enhanced through the company's Photon project, which tasked Firefox's design team to research and understand "how users perceive web browsers." The team's findings have resulted in a more "modern" design that's built for "task focused" users. Quantum also comes with more direct integration with read-it-later app Pocket, which Mozilla acquired last year.
"The new, minimalist design introduces square tabs, smooth animations, and a Library, which provides quick access to your saved stuff: bookmarks, Pocket, history, downloads, tabs, and screenshots. Firefox Quantum feels right at home with today’s mouse and touch-driven operating systems: Windows 10, macOS High Sierra, Android Oreo, and iOS 11."
Quantum will also continue to support Firefox's "Tracking Protection" privacy technology, which the company found to mitigate invasive tracking of online activity throughout various studies. Specifically, Firefox's technology demonstrated a 67.5 percent reduction in the number of cookies set to a user's browsing habits during a visit to 200 websites. These improvements also allow for performance enhancements, according to Firefox, reducing page load times by as much as 44 percent and lowering mobile data usage by 39 percent on the sites visited in the study.

Firefox encourages users to sign up to be notified regarding news about the new Quantum browser, which can be done on the company's website. Ahead of the November 14 public launch, developers can also download the Firefox Quantum: Developer Edition starting today.
