Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

March 25, 2024 at 06:18AM Mozilla has released updates for the Firefox browser to fix two zero-day vulnerabilities that were exploited at the Pwn2Own Vancouver 2024 hacking contest. The first vulnerability allows for bypass of range analysis, while the second issue leads to a sandbox escape. Both vulnerabilities are considered critical and were patched in …

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

March 22, 2024 at 01:52PM Mozilla released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Manfred Paul earned $100,000 and 10 Master of Pwn points after exploiting the flaws. Mozilla quickly patched the vulnerabilities in Firefox 124.0.1 and Firefox ESR 115.9.1 to prevent …

Chrome 123, Firefox 124 Patch Serious Vulnerabilities

March 20, 2024 at 08:57AM Google and Mozilla released web browser security updates addressing dozens of vulnerabilities, including critical and high-severity flaws. Chrome 123 fixes 12 bugs, one high-severity. The update also resolves medium and low-severity vulnerabilities. Google paid $22,000 in bug bounty rewards and released Chrome version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for …

Firefox 122 Patches 15 Vulnerabilities

January 25, 2024 at 06:48AM Mozilla announced security updates for Firefox and Thunderbird to patch 15 vulnerabilities, including five high-severity flaws. The first flaw could allow memory corruption and potential denial of service or execution of arbitrary code. Other issues include failure to update user input timestamp, unchecked return value in TLS handshake code, and …

Mozilla decides Trusted Types is a worthy security feature

December 21, 2023 at 06:06AM Mozilla has revised its position to implement Trusted Types in its Firefox browser, aiming to decrease web attacks relying on injected code. This technology addresses DOM-XSS, reducing the common vulnerability. Still undergoing technical improvements, it’s expected to enhance web security when widely adopted. Tech giants like Google, Meta, and Microsoft …

Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape

December 20, 2023 at 10:21AM Mozilla announced security updates for Firefox 121 and Thunderbird 115.6 addressing 21 vulnerabilities, including high-severity issues like WebGL heap buffer overflow, NSS NIST curves vulnerability to Minerva attack, and uninitialized data exposure in EncryptingOutputStream. Both updates also include patches for several memory safety issues. The release notes contain further details. …

Firefox, Chrome Updates Patch High-Severity Vulnerabilities

October 25, 2023 at 03:57PM Mozilla and Google have released software updates for Firefox and Chrome to address high-severity vulnerabilities, including memory safety bugs. Mozilla’s Firefox update addresses 11 vulnerabilities, including an insufficient activation-delay bug and memory safety issues that could allow arbitrary code execution. The update also patches medium-severity flaws affecting header leakage, crashes, …

Apple Releases iOS 16 Update to Patch Exploited Vulnerability 

October 12, 2023 at 10:21AM Apple has released iOS and iPadOS updates to patch a kernel vulnerability (CVE-2023-42824) that has been actively exploited in attacks. The flaw is a local privilege escalation issue, indicating it may have been used as part of an exploit chain. Although Apple has not provided details about the attacks or …