Mozilla News, Articles and Updates

MailSploit bugs let spoofed emails bypass DMARC, spam detectors

A collection of vulnerabilities dubbed Mailsploit, found by German security researcher Sabri Haddouche in 30 types of email client applications - from Apple Mail to Mozilla Thunderbird - lets hackers bypass anti-spoofing mechanisms.

Mozilla patches critical flaws in Firefox 57.0.1 update

Mozilla released a security update to address critical vulnerabilities in Firefox 57 which could allow a remote attacker to take control of an affected system.

Mozilla looses trust in Dutch Certs, raises wider concerns in industry

Dutch moves to strengthen the powers of its state authorities leads Mozilla to propose excluding Dutch CAs from its trust list - could form part of a wider undermining of trust in the Internet

Mozilla patches three critical issues in Thunderbird and Firefox

Mozilla issued a security update stating that the newly released Thunderbird 52.4 , Firefox 56 and Firefox ESR 52.4 patch 10 vulnerabilities, two rated critical, five high and three moderate found in earlier iterations of the software.

Mozilla issues five critical patches for Firefox and Firefox ESR

Mozilla issued two security advisories covering Firefox and Firefox ESR that between them contain 33 security patches, five rated as critical.

Mozilla fixes critical vulnerabilities in Firefox browser and Extended Support Release

Mozilla has issued security advisories announcing key updates to its Firefox browser and the Firefox Extended Support Release, both of which fixed vulnerabilities that the open-source developer labeled as critical.

Windows accelerates SHA-1 deprecation

Microsoft is set to bring the date after which its Windows browsers will no longer accept SHA-1 to the middle of next year after new research has shown the cryptographic hash function to be even more vulnerable than previously thought.

Mozilla may reject SHA-1 certificates six months early

Mozilla has stepped up pressure on enterprise companies that continue to use SHA-1 certificates after research last month demonstrated the algorithm could be broken in as little as three months.