Mozilla Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/mozilla/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Last updated Tue, 24 May 2022 19:56:52 +0000.

Firefox 100 and Chrome 100 may have user-agent issues
https://gridinsoft.com/blogs/firefox-100-and-chrome-100-may-have-user-agent-issues/
Fri, 18 Feb 2022 19:15:23 +0000

Mozilla developers have warned that sites may experience problems with the upcoming versions of Firefox 100 and Chrome 100 (released May 3 and March 29, 2022). The fact is that the release of new versions will mean that the user-agent values will become three-digit.

The user-agent string contains information such as the name of the browser, its version number, and information about the various technologies it uses. So, when a person visits a website, the browser’s user-agent is sent along with the web page request. This allows the resource to check the visitor’s software version and change their response depending on the features supported by the browser.

For example, the current user-agent of Mozilla Firefox version 97 looks like this: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0. And the user-agent for Google Chrome 98 is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36.

Bleeping Computer says that back in August 2021, Mozilla engineers began an experiment to find out if the three-digit user-agent “Firefox/100” would cause problems when working with sites. Google developers soon conducted a similar experiment for Chrome 100. As a result, the experts found a small number of sites that did not work correctly with the new user-agent.

Since then, Mozilla has been monitoring version 100 bugs and has already found issues on HBO Go, Bethesda, Yahoo, Slack, and resources created with the Duda builder. Most of these bugs are limited to “browser not supported” messages, as well as user interface issues that can affect different parts of sites.

“Without a single specification to follow, different browsers have different formats for the user-agent string, and user-agent parsing is site-specific. Perhaps some parsing libraries contain hard-coded assumptions or bugs that do not take into account three-digit version numbers. Many libraries have improved parsing performance when browsers have moved to two-digit version numbers, so it is expected that the transition to three-digit versions will cause fewer problems”, – Mozilla engineers explain.

If problems with sites do arise and are too numerous, and Mozilla or Google cannot fix them before the release of the new versions, the developers have backup plans. In particular, Firefox has a mechanism that allows it to “freeze” the user-agent at “Firefox/99” or to inject CSS into a problem site. Similarly, Chrome can “freeze” the version shown in the user-agent at 99 and report the actual browser version in a different part of the string.

Mozilla asks site administrators to check in advance whether their resources accept the Firefox 100 and Chrome 100 user-agents normally. To do this in Firefox, the admin needs to open the Firefox Nightly settings menu, find “Firefox 100”, and then activate the “Firefox 100 User-Agent String” flag. This changes the Firefox user-agent string to Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0.

In Chrome, go to chrome://flags/#force-major-version-to-100, enable the setting, and the user-agent string will change to Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4758.102 Safari/537.36.

If problems are found, then bug reports should be submitted to webcompat.com so that the developers have time to fix them.
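As an added example (not code from the post, Mozilla or Google), the following Python contrasts two parsing habits that break at version 100 with a parser that handles any number of digits, using the four user-agent strings quoted above as constructed samples; the minimum-version thresholds are assumed for illustration.

```python
import re

# Constructed sample inputs: the four user-agent strings quoted in the post,
# labelled with the browser and major version a site should recognise.
SAMPLES = {
    "Firefox 97": (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0",
        "Firefox", 97),
    "Firefox 100": (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0",
        "Firefox", 100),
    "Chrome 98": (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/98.0.4758.82 Safari/537.36",
        "Chrome", 98),
    "Chrome 100": (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/100.0.4758.102 Safari/537.36",
        "Chrome", 100),
}

# Assumed minimum versions a hypothetical site requires (illustrative only).
MIN_SUPPORTED = {"Firefox": 60, "Chrome": 70}


def fragile_major_version(ua):
    """Buggy parser: the regex assumes at most two digits, so Firefox/100.0
    is read as Firefox 10 and Chrome/100.0.4758.102 as Chrome 10."""
    m = re.search(r"(Firefox|Chrome)/(\d{1,2})", ua)
    return (m.group(1), int(m.group(2))) if m else None


def robust_major_version(ua):
    """Correct parser: any number of digits before the first dot."""
    m = re.search(r"(Firefox|Chrome)/(\d+)", ua)
    return (m.group(1), int(m.group(2))) if m else None


def lexical_is_supported(ua):
    """Second classic bug: the digits are kept as text and compared as strings,
    so "100" >= "60" is False because "1" sorts before "6"."""
    m = re.search(r"(Firefox|Chrome)/(\d+)", ua)
    if not m:
        return False
    return m.group(2) >= str(MIN_SUPPORTED[m.group(1)])


def numeric_is_supported(ua):
    """Hardened check: parse to int and compare numbers; unknown UAs are
    allowed through rather than shown a "browser not supported" page."""
    parsed = robust_major_version(ua)
    if parsed is None:
        return True
    browser, major = parsed
    return major >= MIN_SUPPORTED[browser]


def find_regressions(parse):
    """The pre-release check the post asks site admins to do, run offline:
    returns the sample labels the given parser gets wrong."""
    return [label for label, (ua, browser, major) in SAMPLES.items()
            if parse(ua) != (browser, major)]


if __name__ == "__main__":
    print("fragile parser misreads:", find_regressions(fragile_major_version))
    print("robust parser misreads:", find_regressions(robust_major_version))
    for label, (ua, _, _) in SAMPLES.items():
        print(f"{label}: lexical={lexical_is_supported(ua)} "
              f"numeric={numeric_is_supported(ua)}")
```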

Let me remind you that we also reported that Chrome 90 gets a new security feature to protect against attacks on Windows 10.

And, you may be interested in the information that Mozilla Downsizing Affects Security Professionals.

Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster
https://gridinsoft.com/blogs/manufacturers-began-to-fix-zero-day-vulnerabilities-faster/
Tue, 15 Feb 2022 21:58:56 +0000

Google Project Zero specialists presented a report according to which software vendors began to fix 0-day vulnerabilities faster. For example, last year organizations needed less time than in previous years to fix 0-day vulnerabilities discovered by experts.

On average, companies took 52 days to fix bugs, while three years ago they needed an average of 80 days. Thus, almost all vendors fixed the vulnerabilities within the industry standard of 90 days.

According to statistics collected for 2019-2021 and based on 376 zero-day vulnerabilities discovered by Google Project Zero experts, 26% of the problems related to Microsoft products, 23% to Apple and 16% to Google. That is, the three software giants accounted for 65% of all detected problems, and, according to experts, this well reflects the complexity and volume of their software products, which inevitably have “white spots” that even numerous security engineers miss.

Overall, the report named Linux, Mozilla, and Google as the best in terms of timely release of patches, while Oracle, Microsoft, and Samsung were named as the worst.

Recall, by the way, that we wrote that a 0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues.

In the highly competitive field of mobile OS, iOS and Android go hand in hand: the former has an average bug fix time of 70 days, while the latter has 72 days.

In the browser category, Chrome outperforms all competitors with an average bug fix period of 29.9 days, while Firefox comes in second with 37.8 days. Apple, in third place, took twice as long to fix bugs in WebKit, taking an average of 72.7 days.

Google Project Zero experts explain:

“In this analysis, WebKit is the black sheep, with the longest time it takes to release patches, at 73 days. Patch release time [for WebKit] is somewhere in between Chrome and Firefox. Unfortunately, this leaves a lot of time for opportunistic attackers to find a patch and exploit for the problem before the fix is available to users.”

You might also be interested in reading what Google says that a quarter of all 0-day vulnerabilities are new variations of old problems.

Mozilla Thunderbird email client stored OpenPGP keys in clear text
https://gridinsoft.com/blogs/mozilla-thunderbird-email-client-stored-openpgp-keys-in-clear-text/
Wed, 26 May 2021 21:19:23 +0000

The researcher found that for several months Mozilla Thunderbird saved some users’ OpenPGP keys in plain text format.

For example, Thunderbird users recently realized that when they open a program, they can view emails encrypted by OpenPGP without entering their master passwords. Such messages in Thunderbird should only be viewable after authentication.

The vulnerability has been identified as CVE-2021-29956 and has a low severity level. The bug affected all versions of the mail client between 78.8.1 and 78.10.1. It allowed a local attacker to see imported OpenPGP keys stored on users’ devices without encryption. Thus, an attacker could view and copy someone else’s keys and then impersonate the sender of the protected emails.

Thunderbird maintainer Kai Engert admits that this was his personal mistake due to a lack of testing. The fact is that a few months ago, the key-handling code was rewritten in order to improve its security.

Previously, the process for handling newly imported OpenPGP keys in Thunderbird looked like this:

  • import of the secret key into a temporary memory area;
  • unlocking the key using the password entered by the user;
  • copying the key to permanent storage;
  • protection of the key using the automatic OpenPGP password in Thunderbird;
  • saving a new list of secret keys to disk.

But, according to Engert, after making changes to the code, the following happened (steps 3 and 4 were reversed):

  • import of the secret key into a temporary memory area;
  • unlocking the key using the password entered by the user;
  • protection of the key using the automatic OpenPGP password in Thunderbird;
  • copying the key to permanent storage;
  • saving a new list of secret keys to disk.

“The author of the code (that is, me) and the reviewer suggested that this would be equivalent to [the previous version]. But our assumption that the protection of the private key in step 3 will be preserved when copied to another area … turned out to be false”, – says Engert.

In fact, when the key was copied to persistent storage, the protection was not copied along with it due to a bug in the RNP library that Thunderbird and Mozilla Firefox use to protect OpenPGP keys.

In Thunderbird version 78.10.2, the bug has been fixed, and now the mail client will check for unprotected keys in secring.gpg. If such keys are found, they will be converted to protected ones.

Let me remind you that I also wrote that Hackers used Firefox extension to hack Gmail.

Mozilla Drops FTP Support Permanently with Firefox 88 Release
https://gridinsoft.com/blogs/mozilla-drops-ftp-support/
Mon, 19 Apr 2021 16:39:12 +0000

Last year, we talked about the fact that the Mozilla developers are dropping support for FTP, recognizing it as an insecure protocol.

Thus, users will no longer be able to upload files via FTP, or view the contents of FTP links and folders in the browser.

“We do this for security reasons. FTP is an insecure protocol, and there is no reason to choose it to download resources instead of HTTPS. Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past”, – said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser.

The removal of FTP had to be postponed because of the coronavirus pandemic, and the same happened to the Google developers, who had already managed to disable FTP in their browser but then temporarily turned support for the protocol back on.

Google developers have been talking about ditching FTP since 2014, as very few browser users (0.1-0.2%) use the protocol. In 2018, the company first announced plans to officially move away from FTP, and Google engineers began implementing those plans last summer.

As such, it was planned that FTP support would be disabled by default with the release of Chrome 81, and after the release of version 82, all traces of the protocol would be permanently removed from the code.

But the fact is that many government agencies, including the National Institutes of Health, are still actively using FTP, and the developers decided not to create additional problems for them during the crisis.

“Due to the current crisis, Google engineers decided to postpone the abandonment of FTP in a stable release, that is, the protocol will work again”, – said the Chrome developers.

Now Mozilla engineers have returned to the issue of dropping FTP support by default. In Firefox 88, released today, protocol support was disabled by default, and now Firefox, when faced with an FTP link, tries to pass it to an external application.

In the next release (Firefox 90), the developers are going to permanently remove all code related to the FTP implementation from the browser. Firefox for Android will also be affected by these changes. That is, in the end, users will need a separate client to work with FTP.

Apple, Google, Microsoft and Mozilla block MitM certificate of the Kazakhstan government
https://gridinsoft.com/blogs/apple-google-microsoft-and-mozilla-block-mitm-certificate-of-the-kazakhstan-government/
Tue, 22 Dec 2020 16:15:14 +0000

In early December, Kazakhstan authorities attempted for the third time to intercept all user traffic, including secure HTTPS connections. However, Apple, Google, Microsoft, and Mozilla responded by blocking the MitM certificate of the Kazakhstan government.

Let me remind you that these attempts began back in 2015, when the government first announced the introduction of a “national security certificate”.

It was supposed that users would be obliged to download and install a government certificate on all their devices, through which all protected traffic, including traffic to foreign websites, would pass. Moreover, it was assumed that not only all HTTPS traffic but also other TLS connections would be decrypted.

In 2015, the attempt was unsuccessful, but in 2019, the country’s government returned to this idea once again. So, last summer, local operators began to send out warnings to their subscribers about the need to install a security certificate, allegedly designed to protect against cyberattacks and help fight illegal content.

Then the browser makers responded by blocking the certificate, and the Kazakh government soon announced the “end of the exercise.”

In early December 2020, the authorities of Kazakhstan again announced cyber exercises and ordered the residents of Nur-Sultan and tourists to install a special security certificate on their devices. The authorities also forced local Internet providers to block users’ access to foreign sites if the certificate was not installed.

“Cyberattacks on the Kazakhstani segment of the Internet increased 2.7 times during the COVID-19 pandemic”, – said the official representatives of the Kazakh authorities.

Censored Planet soon reported that the certificate was working against dozens of web services, mostly owned by Google, Facebook and Twitter. Censored Planet lists the following affected sites:

According to Censored Planet, the percentage of hosts in Kazakhstan that were intercepted increased from 7% to 11.5% this year.

However, this time the browser developers responded with a block. Starting from December 18, 2020, users of Safari, Edge, Chrome and Firefox on whose devices the MitM certificate is installed will see security-violation warnings and a notice that the certificate cannot be trusted.

In a blog post, the Mozilla developers recall that back in 2019 they concluded that “this act undermines the security of users and the Internet, and also directly contradicts Principle 4 of the Mozilla Manifesto, which states: ‘The safety and privacy of people on the Internet is fundamental and should not be considered optional’”.

“We urge users from Kazakhstan who have been affected by this change to explore the possibility of using a VPN or the Tor browser to access the Internet. We also strongly recommend that anyone who has followed the steps to install the Kazakhstan government root certificate remove it from the device and change their passwords immediately”, – write the Firefox creators.

Let me remind you that a special exploit for iOS was discovered, with the help of which China tracked the Uyghurs.

Mozilla completely stops development of Firefox Send and Firefox Notes
https://gridinsoft.com/blogs/mozilla-completely-stops-development-of-firefox-send-and-firefox-notes/
Fri, 18 Sep 2020 16:48:29 +0000

This summer, I talked about how ZDNet journalists drew the attention of Mozilla engineers to numerous abuses of the Firefox Send service, which was actively used to spread malware. As a result, Mozilla stopped development of Firefox Send indefinitely, but the developers promised to rework it and improve its security.

Let me remind you that Firefox Send was launched in March 2019. The service was a private file hosting service that allowed Firefox users to share files.

“All files uploaded and transferred via Firefox Send were encrypted, and users could set the age for which files were stored on the server, and also set the number of downloads allowed before the expiration date”, – said the developers.

Although Mozilla engineers designed Firefox Send with the privacy and security of users in mind, since the end of 2019 the service has become very popular not with ordinary people, but with malware developers. In most cases, hackers exploited the service in a very simple way: they uploaded malware payloads to Firefox Send, where the file is saved in encrypted form, and then inserted links to this file, for example, in phishing emails.

Mozilla initially said the Send shutdown was temporary, but that changed a few weeks later when the organization cut more than 250 employees and announced that it would generally reorient the business towards commercial products. As a result, most of the employees who were supposed to rework Send were fired, and the rest focused on developing commercial products, including Mozilla VPN, Firefox Monitor and Firefox Private Network.

“For the same reasons, the Firefox Notes service, which was a tool for saving and synchronizing encrypted notes, will be closed”, – writes ZDNet.

Notes was available for syncing across Firefox browsers, as a standalone Android app and as a browser extension.

The developers have announced that they will be phasing out the Notes Android app and sync service at the end of October 2020. The browser add-on (for existing installations) will continue to work for now, and the ability to export all notes will remain active, but Mozilla will no longer support it and will not allow new installations.

Mozilla Downsizing Affects Security Professionals
https://gridinsoft.com/blogs/mozilla-downsizing-affects-security-professionals/
Thu, 13 Aug 2020 16:02:53 +0000

Earlier this week, Mozilla fired 250 employees, and another 60 employees moved to other teams. The media reports that Mozilla’s downsizing has seriously affected security professionals.

Mozilla head and Mozilla Foundation CEO Mitchell Baker said the organization is forced to rethink its plans and adapt to the new realities that have changed greatly after COVID-19, and in various ways to strengthen its financial position.

Given that Mozilla had approximately 1,000 employees, and the organization had already laid off 70 employees earlier this year, Mozilla lost a third of its workforce in 2020.

“In the near future, Mozilla will rethink its business model and focus on financially viable products”, – said Mitchell Baker.

It should be noted that previously about 90% of all Mozilla’s revenue came from a deal with Google (Google is set as the default search engine in Firefox), but this contract ends at the end of this year, and it has not been renewed. Because of this, many experts have expressed concerns about what will happen to Mozilla after 2021.

However, this week ZDNet, citing its own anonymous sources in the industry, asserted that the contract with Google is likely to be extended until 2023.

Mozilla indirectly confirmed this information, informing reporters that the organization intends to continue cooperation with Google and even expand it.

Nevertheless, let us return to the topic of staff reduction. Although Mitchell Baker did not disclose in her statement which specialists would be fired, SecurityWeek writes that at least two cybersecurity specialists were laid off.

One of them is Sarah Huffman, who served as an information security risk manager for two and a half years, and the second is Michal Purzynski, an information security expert from the threat management team.

Purzynski, who worked at Mozilla for more than eight years, says on Twitter that he is not the only employee who was laid off: the entire threat management team was disbanded. In his opinion, Mozilla has in this way completely lost the ability to detect and respond to incidents.

The publication notes that now some members of the cybersecurity community argue that this decision by Mozilla can be interpreted as a disregard for security, although others believe that the Mozilla leadership is doing the right thing.

Mozilla representatives commented on the situation and said that the security restructuring in the organization should have a positive effect and that in the future it will only improve the security of Mozilla itself and its users.

“During the restructuring, some positions were indeed abolished, but the teams responsible for the security of the Firefox browser and Firefox services were not affected”, — explained the company.

According to ZDNet, programmers working on Mozilla’s experimental Servo engine, developers overseeing the Mozilla Developer Network, and the Firefox developer tools team also fell under the cuts.

Let me remind you that earlier Mozilla suspended Firefox Send service due to abuse and malware and because of the COVID-19 pandemic, the company returned support for the unsafe FTP protocol to Firefox.

Mozilla suspended Firefox Send service due to abuse and malware
https://gridinsoft.com/blogs/mozilla-suspended-firefox-send-service-due-to-abuse-and-malware/
Wed, 08 Jul 2020 16:44:26 +0000

Journalists from ZDNet drew the attention of Mozilla engineers to numerous abuses of the Firefox Send service, which was actively used to distribute malware. Mozilla temporarily suspended the Firefox Send service (for the duration of the investigation), and the developers promise to improve it and add a “Report Abuse” button.

Firefox Send was launched in March 2019. The service is a private file hosting service that allows Firefox users to share files. All files uploaded and transferred via Firefox Send are stored in encrypted form, and users can set the retention period for files on the server, as well as the permissible number of downloads before this “expiration date” is reached. The service was available to all users at send.firefox.com.

“Although Mozilla engineers planned Firefox Send, thinking about the privacy and security of their users, since the end of 2019, the service has become very popular not among ordinary people, but among malware developers”, – write ZDNet reporters.

In the majority of cases, hackers exploit the service in a very simple way: they upload the malware payloads to Firefox Send, where the file is stored in encrypted form, and then insert links to this file, for example, in their phishing emails.

ZDNet writes that in the past few months, Firefox Send has been used to store payloads of a wide variety of campaigns, from ransomware to financially oriented malware, from banking Trojans to spyware that attacked human rights defenders. Such well-known hack groups as FIN7, REvil (Sodinokibi), Ursnif (Dreambot) and Zloader abused the service.

British information security expert Colin Hardy explains exactly what factors attract malware authors to the Firefox Send service. Firefox URLs are considered trustworthy in many organizations, that is, spam filters do not detect or block them.

“In addition, attackers do not have to invest time and money in creating and maintaining their own infrastructure if they use Mozilla servers. And Firefox Send encrypts the files, which prevents the work of security solutions, and the download links for the malware can be configured so that they expire after a certain time or number of downloads, which complicates the work of information security experts”, – said Colin Hardy.

The growing number of malicious operations associated with Firefox Send has not escaped the attention of the information security community. Because of this, over the past few months, experts have regularly complained about the lack of a mechanism for reporting abuse or the “Report about a file” button that could be used to stop malicious operations.

While preparing a publication about these problems, ZDNet reporters turned to Mozilla for a comment, wanting to know the organization’s position regarding the placement of malware, as well as the progress in developing a mechanism for reporting about violations.

Mozilla’s response surprised both journalists and information security professionals, as the organization immediately suspended the Firefox Send service and announced that it was working to improve it.

“We will temporarily take Firefox Send offline while we improve the product. Before starting the [service] again, we will add a violation reporting mechanism to supplement the existing feedback form, and we will also require all users who want to share content using Firefox Send to log in using their Firefox account,” — said Mozilla representatives.

It is currently unclear when Firefox Send will return online. All Firefox Send links have stopped working, which means that all malicious campaigns that relied on the service are also temporarily disabled.

Let me remind you that Firefox Refuses to Support FTP Protocol.

Firefox Refuses to Support FTP Protocol https://gridinsoft.com/blogs/firefox-refuses-to-support-ftp-protocol/ Thu, 19 Mar 2020 16:26:54 +0000

ZDNet reports that Mozilla developers consider FTP to be an insecure protocol and will soon refuse to support it in Firefox.

As a result, users will no longer be able to download files via FTP, and may not be able to view the contents of FTP links and directories in the browser.

“We do this for security reasons. FTP is an insecure protocol, and there is no reason to choose it to download resources instead of HTTPS. Also, a part of the FTP code is very old, unsafe and hard to maintain, and we found a lot of security bugs in it in the past,” said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser.

Mozilla plans to drop FTP support with the release of Firefox 77, which is scheduled for this June. Users who still want to view and download files via FTP despite the change can temporarily re-enable protocol support by hand through the settings on the about:config page.

However, at the beginning of 2021, Mozilla will remove all FTP-supporting code from its browser. After that, it will no longer be possible to restore the protocol in Firefox. Let me remind you that the browser developers’ plans to abandon FTP became known back in 2018.

Let me also remind you that in the “parallel universe” Microsoft fixed a 0-day vulnerability in Internet Explorer.

Most likely, Mozilla came to its decision on FTP after Google made a similar decision regarding the FTP protocol in Chrome last year.

In August 2019, Google announced plans to remove FTP access and the option of viewing FTP links from Chrome.

FTP support will be disabled by default in Chrome v81, and all traces of the FTP protocol will be removed from the Chrome codebase in Chrome 82, which is scheduled for release in late spring or early summer this year.

However, Google was forced to pause the release of new versions of Chrome and Chrome OS due to the coronavirus pandemic. The stated reason is “adjusted work schedules”: because of the global spread of COVID-19, Google engineers are working from home, like employees of other companies.

“Due to the adjusted work schedules, we are suspending the release of new versions of Chrome. Our main goals are to ensure their stability, security and reliable operation for all who rely on them. We will continue to give priority to the release of security updates that will be included in Chrome 80,” the Google blog said.

When it announced that it was removing FTP support from Chrome, Google said that only a small part of its user base accessed or used FTP, which was the main factor behind the decision.
