The United States Cybersecurity and Infrastructure Agency (CISA), part of the Department of Homeland Security, this week urged customers who are using the Firefox browser to upgrade to version 72.0.1, as there is a major vulnerability in older versions of the Firefox browser.
Mozilla released Firefox 72.0.1 on Wednesday to address a security issue that allows malicious entities to run unauthorized code on a target computer through a webpage, letting them take control of an affected system. From Mozilla:
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.
As the above quote states, there are known targeted attacks exploiting this flaw, which means it's important for all Firefox users to upgrade, including enterprise users.
The vulnerability was first discovered by Chinese company Qihoo 360 two days after the release of Firefox 72, but there is no word on how long the bug has been exploited nor who used the vulnerability or who might have been targeted. This is the third zero-day vulnerability that Mozilla has addressed within the last year, with the company patching two other major vulnerabilities in June 2019.
MacRumors readers who use Firefox for Mac but have not installed the latest version should make sure to do so. The latest version of Firefox can be downloaded from the Mozilla website or through the update function within Firefox itself.
Mozilla has launched Firefox 70 for macOS, which continues to enhance the browser's privacy features as well as bringing significant improvements to performance and power efficiency.
Recent versions of Firefox have included several extensions to the Mozilla's Enhanced Tracking Protection (ETP) system, and this release is no different. ETP now features social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn.
Firefox 70 also introduces a Privacy Protections report, which offers a summary of the trackers Firefox has blocked. So if you think the blocking is too strict (if a website doesn't work properly, for example) you can check the report and customize the protection accordingly.
In addition, there are improvements to Firefox Lockwise, the browser's digital identity and password management tool. Lockwise now lets you create, update, and delete logins and passwords to sync across all your devices. Meanwhile, integrated breach alerts from Firefox Monitor notify you if saved logins and passwords have been compromised in online data breaches, and Monitor is also now capable of complex password generation.
Thanks to improvements to the browser's core engine components, Firefox 70 users can also expect a significant reduction in power consumption (Mozilla quote improved power usage by three times or more for many use cases), along with faster page loads by as much as 22 percent, and reduced resource use for video by up to 37 percent.
Mozilla's full changelog can be found here. If you're already a Firefox user, you should receive an automatic upgrade after restarting the browser. For everyone else, Firefox 70 is available for macOS as a free download directly from the Mozilla website.
Mozilla this week began piloting its own browser-based VPN service, and if you're located in the U.S. you can start testing it for free right away.
Called the Firefox Private Network, the service promises Firefox users a more secure, encrypted path to the web that prevents eavesdroppers from spying on your browsing activity and hides your location from websites and ad trackers.
In that respect, it won't protect any internet traffic outside of your web browser, but it's a good option if you want to use an encrypted connection on the fly when you're using Firefox on a public Wi-Fi network, for example.
As a time-limited beta, the Firefox Private Network is currently free to try, although this does suggest it may become a paid service in the future. You also need to be a U.S. resident logged into your Firefox account using Firefox desktop browser.
If you can fulfill those pre-requisites, you can install the private network by navigating to this page, clicking the blue + Add to Firefox button, then granting permission for the network to be added to the browser.
Click the door hanger icon that appears at the top-right corner of the toolbar, and you'll see a switch that you can use to toggle the VPN on and off. A green tick in the icon indicates the secure network is active and your browsing activity is being encrypted.
Opera browser offers a similar free VPN service that cloaks your web browsing, but with the added benefit that it lets you choose the continent that you want your connection to reside. So if you're looking to access a location-restricted service (Netflix, say) from abroad, you might have better luck using it instead.
Mozilla has launched Firefox 69 for Macs, boasting performance improvements and some notable updates to its security repertoire.
Firefox 69 for desktop now blocks third-party tracking cookies by default for all users. The feature is an existing part of the browser's Enhanced Tracking Protection system that was actually launched in June, but that introduced the default setting only for new users. Now even existing Firefox users are protected as standard.
Firefox's default anti-tracking smarts now also extend to blocking cryptomining, a nefarious practice that aggressively hogs processor cycles and battery life in the background as it mines for cryptocurrency while the unsuspecting user browses the web. Firefox 69 also blocks fingerprinting in the user-selected Strict mode, and Mozilla says it plans to turn this protection on by default in a later release.
Firefox users can tell if they have ETP enabled by looking for a shield icon in the address bar, which indicates tracker blocking is active. Users can also click on the icon to view a Content Blocking menu listing all currently blocked tracking cookies. From here, it's also possible to disable tracking cookie blocking on a per site basis.
Security aside, other new features in this release include the ability to block autoplaying videos, including those that don't play audio. For users in the US or using the en-US browser, there's a new New Tab page experience that connects them to the best of Pocket's content, while macOS users can also look forward to improved battery life and a download manager interface that displays file download progress.
Mozilla's full changelog can be found here. If you're already a Firefox user, you should receive an automatic upgrade after restarting the browser. For everyone else, Firefox 69 is available for macOS as a free download directly from the Mozilla website.
Mozilla has patched twozero-day security vulnerabilities in Firefox that allowed backdoors to be installed on Macs, bypassing Apple's usual XProtect and Gatekeeper protections. Firefox users should update the browser immediately.
The zero-days were exploited by unnamed hackers this week, but so far, attacks are known only to have targeted Mac users involved in cryptocurrency.
3/ We’ve seen no evidence of exploitation targeting customers. We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted. We’re also releasing a set of IOCs that orgs can use to evaluate their potential exposure.
The Mozilla Foundation is working on a premium version of its Firefox browser, according to a new report. German media site T3N ran an interview with Chris Beard, CEO of Firefox, who appeared to confirm that a paid tier of the browser could be ready to launch by October this year.
According to Beard, the premium version of Firefox is likely to include a VPN, secure cloud storage, and other subscription services such as paywalled content access.
"We will probably launch some new services first and then we will think carefully about which model makes the most sense while ensuring the best user safety," said Beard. "Firefox and many security features and services, like ETP [Enhanced Tracking Protection], will still be free, that's for sure."
Mozilla has been experimenting offering ProtonVPN to some Firefox users for a $10 per month subscription, but Beard says the company is now considering offering some amount of free VPN bandwidth to non-paying users, and a premium metered VPN service as a monthly subscription.
Mozilla currently earns its money through read-it-later and content discovery service Pocket, which it owns, but the majority of its revenue comes from the search engines used in its free browser.
After Beard's interview was published, The Next Web received a statement from Dave Camp, senior vice president of Firefox, who confirmed that paid products are actively in development:
We were founded on the belief that the internet should be open and accessible to all. A high-performing, free and private-by-default Firefox browser will continue to be central to our core service offerings. We also recognize that there are consumers who want access to premium offerings, and we can serve those users too without compromising the development and reach of the existing products and services that Firefox users know and love.
There's no word as yet on pricing for the upcoming paid version of Firefox, the standard version of which relaunched last year powered by a new Quantum engine and including several privacy-focused features.
In perhaps a hint at its planned new product launches, Mozilla on Tuesday unveiled a family of new Firefox logos, designed to give a unified identity to its broadening suite of products and services that become accessible to users who open a Firefox account. For example, Lockwise is a secure password manager, and Monitor that notifies users if their email has been part of a known data breach.
Apple's latest marketing campaign — "Privacy. That's iPhone" — made us raise our eyebrows.
It's true that Apple has an impressive track record of protecting users' privacy, from end-to-end encryption on iMessage to anti-tracking in Safari.
But a key feature in iPhones has us worried, and makes their latest slogan ring a bit hollow.
Each iPhone that Apple sells comes with a unique ID (called an "identifier for advertisers" or IDFA), which lets advertisers track the actions users take when they use apps. It's like a salesperson following you from store to store while you shop and recording each thing you look at. Not very private at all.
These identifiers can already be manually reset under Settings > Privacy > Advertising on iOS devices and under Settings > General > Privacy on Apple TV, but Mozilla is asking for "a real cap" with an automatic monthly reset to make it "harder for companies to build a profile about you over time."
"If Apple makes this change, it won't just improve the privacy of iPhones — it will send Silicon Valley the message that users want companies to safeguard their privacy by default," wrote Ashley Boyd, Mozilla's VP of Advocacy.
Interest-based ads in the App Store and Apple News app are based on information such as your App Store search history and Apple News reading history. Apple makes it easy to opt out, but Mozilla argues that "most people don't know that feature even exists, let alone that they should turn it off."
Mozilla has announced a new security tool for users of its Firefox web browser. Called Firefox Monitor, the website lets visitors check if their accounts have been included in known data breaches and the types of data exposed in each breach.
The security tool is the result of a partnership between Mozilla and HaveIBeenPwned.com (HIBP), a site set up by security researcher Troy Hunt that includes a database of email addresses that are known to have been compromised in data breaches.
Thanks to the partnership, Firefox is able to check email addresses against the HIBP database via a method of anonymized data sharing (full details can be found in Troy Hunt's blog post). The new tool builds on Firefox's existing HIBP integration, which tells users if a site they are visiting was previously exposed in a data breach.
Mozilla has updated Firefox for iOS with some notable changes, including new iPad features and default tracking protection in both regular and private browsing sessions.
The additional privacy measure means users get automatic ad and content blocking when browsing unless they opt out, while those who want to selectively deploy Tracking Protection need only tap the menu button and slide the feature’s toggle.
On the iPad front, Mozilla has added the ability to re-order multiple open tabs to prioritize them. To do so, long-press a specific tab and drag it into the desired position. Meanwhile, in Split View, it’s now possible to share and open links by dragging and dropping them to and from Firefox to any application, whether they’re in an email or a tweet.
Firefox has also implemented new keyboard shortcuts for standard navigation, as well as several improvements for easier tab tray navigation, like Command-Option-Tab to get to and from the all tabs view. Users seeking more details on the full range of keyboard shortcuts available in Firefox can check Mozilla’s online guide.
Firefox for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]
Mozilla on Tuesday officially announced Firefox 57, the new "Quantum" version of its flagship desktop web browser for Mac, Linux, and Windows. Aside from a redesigned interface and a slew of new UI features, Mozilla says Quantum offers speeds twice as fast as Firefox 52 and a new engine that uses 30 percent less memory than Google Chrome.
The performance advantages are said to be down to Firefox's "just right" multi-process architecture, which uses separate processes to run its user interface and tabbed web page content. These additional processes are able to run across multiple CPU cores, making it much less likely for open web pages to negatively impact each other or the performance of the web browser in general.
While both Firefox and Chrome now run using multiple processes, Mozilla claims to have done things differently to avoid using up precious working memory. Chrome creates a separate content process for each open tab, and each tab typically consumes hundreds of megabytes of RAM, which has earned the browser a reputation as a resource hog.
Where Quantum differs, claims Mozilla, is in its more conservative approach to using multiple processes. By default, Firefox now creates up to four separate processes for web page content, so the first four tabs each use those four processes, and additional tabs run using threads within those processes. This leads to multiple tabs within a process sharing the browser engine that already exists in memory, instead of each one creating their own.
In addition to the under-the-hood improvements, the redesigned "Photon" user interface offers a less cluttered, more minimalist environment for browsing the web and aims to look better on modern high DPI displays. It also adds several new features including a built-in tool to take screenshots, and a new library for putting things like browsing history, bookmarks, Pocket lists, and synced tabs in one convenient place.
Firefox 57 also includes support for WebVR, which enables websites to take full advantage of VR headsets like the HTC Vive, while Mozilla's Pocket service is now more integrated in the browser and displays trending articles on the new tab page. Last but not least, a new feature called Tracking Protection blocks extensive requests for online user tracking. It works by default in the Private browsing window and Mozilla reckons it reduces the average page loading time by around 44 percent.
With all the changes, Firefox has had to lose support for many existing extensions written in XUL. Firefox Quantum only supports WebExtensions, which have more limitations, similar to Chrome extensions. Existing users can check the status of their extensions by navigating to Menu -> Add-Ons. Compatible ones are shown under "Extensions", while deactivated browser extensions appear under "Legacy Extensions" alongside an option to find the closest equivalent replacement available.
If you're already a Firefox user, you should receive an automatic upgrade to Quantum after restarting the browser. For everyone else, Firefox Quantum is available for macOS as a free download directly from the Mozilla website.