h-Online: As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in a whitelist. ...
Cross-posted from SophosLabs: A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security. Naked Security reader Rob Sanders alerted us to the activities of the recently updated ShowIP add-on for the Firefox browser. According to the description on the Mozilla add-ons website, ShowIP is designed to “show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right click) and hostname (left click), like whois, netcraft, etc. Additionally you can copy the IP address to the clipboard.” ...
Symantec Connect: Not only Facebook is adding new and interesting features to its toolbox; spammers and scammers in Facebook are, too. Currently there is a scam making rounds using a classic “who is viewing your profile” themed bait. So far – nothing new. After the user grants the application the requested privileges, which of course will send out the above mentioned spam posts to all his or her friends, the user gets redirected to a download instruction site. There he or she is asked to download the Firefox browser and then install a popular Firefox extension which allegedly gets downloaded over 27,000 times per week. This simple tweak should generate a new menu entry in Facebook which would then show user statistics. ...
For those who missed this update on Nov 18: In the spirit of releasing early and releasing often – Mozilla bring you version 0.2 of Rainbow – an experimental Firefox add-on from Mozilla Labs that exposes audio and video recording capabilities to web pages. What’s new in this release? It now support both audio and video recording on Windows, and audio recording on Linux. They added preliminary support for writing multiplexed media frames to a websocket. JS callers are now able to specify custom video resolutions, encoding quality, audio sampling rates and channels. Numerous bug fixes, such as behaving correctly on Mac OS X 10.5 (Leopard), and generating correctly encoded OGG files (the audio tracks of which were previously unplayable by Firefox). For a full list of changes, check out their commit logs – or even better – contribute on Github! Also, don’t forget to read the README for additional information. ...
Sophos Labs: Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it’s been downloaded over 600,000 times so far. The decision to release Firesheep publicly is a controversial one. On the good side, it’s reminded people that some of their common web surfing habits are dangerously insecure. Many websites use HTTPS (secure HTTP) for login, which protects your password. But they revert to insecure HTTP for the rest of the session. After you have logged in, security relies on the browser sending a session cookie – a secret authentication token – in every request. ...
Mozilla Labs: In our first Prospector experiment, Speak Words, we helped Firefox learn what words you might want to type into the Awesome Bar. We have taken that idea to help you find words in your open tab in our latest experiment. Finding a word in Firefox has always been easy because Firefox will move you to the new word formed by your last keystroke. This means you do not need to type out a word then click a search button to try finding a word that you might have misspelled. Firefox will let you know immediately if the new letter you pressed does not form a word that is on the page. ...
Mozilla Labs has been working hard on browser-based audio and video — not just for playback, but also for recording. Labs’ newest creation, called Rainbow, lets developers access your hardware’s video and audio recording capabilities with a few lines of JavaScript. The files created are all in open-source formats, including Theora, Vorbis and Ogg (support for WebM and other formats are planned in the product’s roadmap). Once media is captured, files can be accessed via the DOM with HTML5 File APIs. ...
Internet is great, and everyday millions of people spend their day surfing it, using Google, Gmail, Youtube, Twitter, Facebook, etc. Some people buy at ebay, or Amazon. Even some people use it to work, though these cases maybe not that common As a reader of this blog, you are concerned about security and therefore you already know that connecting through public WiFi is a risky sport. But it is also really convenient, how many of you have done it in McDonalds,Starbucks, etc.? Yeah, me too ...