Google Patches Unicode Domain Phishing Bug in Chrome
Google has patched a dangerous issue in Chrome that enabled attackers to spoof legitimate domains in the browser by using unicode characters rather than normal ones. That vulnerability is the result of the way that Chrome handles some unicode characters and it’s not necessarily a new issue. Security experts have known about the underlying problem […]
Unicode Domain Phishing Attack Resurfaces
Researchers are warning about a phishing attack that abuses the way some browsers handle unicode characters to display attack domains that are identical to legitimate ones. The concept behind the attack is quite old, but it has resurfaced in the current versions of both Firefox and Chrome. The attack relies on the fact that the […]
Mozilla Fixes Zero Day Used to Unmask Tor Users
Mozilla has released a patch for a critical remote code execution vulnerability in Firefox that is being used in active attacks to unmask users of the Tor Browser, which is based on Firefox. The vulnerability lies in the way that Firefox handles SVG animations and exploit code for the bug has been posted on a […]
Mozilla to Enforce Content Security by Default in Firefox
One of the many ways that attackers use to get their malicious code onto users’ machines is by using drive-by downloads. They often will compromise benign sites and use them to load malicious content in users’ browsers, and now Mozilla is making a ket change to its Firefox browser in an effort to make security […]
Mozilla to Ship TLS 1.3 in Firefox 52
Mozilla plans to implement the next version of the TLS specification in an upcoming release of its Mozilla browser. TLS 1.3 will be shipped in Firefox 52, which is scheduled for release in March 2017. Mozilla’s Martin Thomson said in an email to the Mozilla development group Wednesday that the company will include TLS 1.3 […]
Apple to Remove Trust for Chinese CA WoSign
The infrastructure upon which the Internet’s encryption system is built is fragile and prone to random, sometimes catastrophic, failures. The latest evidence of this weakness in the network is an incident involving a Chinese certificate authority WoSign, which was caught back-dating certificates and allowing customers to add arbitrary domains to their certificates. The problems have […]
Mozilla Releases Observatory Site-Security Scanner
Mozilla has released a new tool called Observatory that site owners can use to scan their sites and assess their implementation of various security technologies, from HTTPS to public key pinning to cross-site scripting protections. Mozilla built Observatory as an internal tool to help improve the security of the company’s own sites, which number in the […]
Firefox Containers Allows For Separate Online Identities
Mozilla is testing a new feature in pre-release versions of its Firefox browser that enable users to employ multiple personas or identities in different contexts at the same time. The feature, known as Containers, is designed to help users separate their various personal, work, and other online activities. The new feature is currently in the Nightly […]