Mozilla Says a New Firefox Security Bug Is Under Active Attack

January 13, 2020 • Firefox, Mozilla

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users.

The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer.

In practical terms, that means an attacker can quietly break into a victim’s computer by tricking the victim into accessing a website running malicious JavaScript code.

But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Browser vulnerabilities are a hot commodity in security circles as they can be used to infect vulnerable computers — often silently and without the user noticing — and be used to deliver malware or ransomware. Browsers are also a target for nation states and governments and their use of surveillance tools, known as network investigative techniques — or NITs. These vulnerability-exploiting tools have been used by federal agents to spy on and catch criminals. But these tools have drawn ire from the security community because the feds’ failure to disclose the bugs to the software makers could result in bad actors exploiting the same vulnerabilities for malicious purposes.

Mozilla issued the security advisory for Firefox 72, which had only been out for two days before the vulnerability was found.

Homeland Security’s cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, also issued a security warning, advising users to update to Firefox 72.0.1, which fixes the vulnerability. Little information was given about the bug, only that it could be used to “take control of an affected system.”

Firefox users can update their browser from the settings.

Expanding Mozilla?s Boards in 2020

January 9, 2020 • Expanding, Mozilla

Mozilla is a global community that is building an open and healthy internet. We do so by building products that improve internet life, giving people more privacy, security and control over the experiences they have online. We are also helping to grow the movement of people and organizations around the world committed to making the digital world healthier.

As we grow our ambitions for this work, we are seeking new members for the Mozilla Foundation Board of Directors. The Foundation’s programs focus on the movement building side of our work and complement the products and technology developed by Mozilla Corporation.

What is the role of a Mozilla board member?

I’ve written in the past about the role of the Board of Directors at Mozilla.

At Mozilla, our board members join more than just a board, they join the greater team and the whole movement for internet health. We invite our board members to build relationships with management, employees and volunteers. The conventional thinking is that these types of relationships make it hard for the Executive Director to do his or her job. I wrote in my previous post that “We feel differently”. This is still true today. We have open flows of information in multiple channels. Part of building the world we want is to have built transparency and shared understandings.

It’s worth noting that Mozilla is an unusual organization. We’re a technology powerhouse with broad internet openness and empowerment at its core. We feel like a product organization to those from the nonprofit world; we feel like a non-profit organization to those from the technology industry.

It’s important that our board members understand the full breadth of Mozilla’s mission. It’s important that Mozilla Foundation Board members understand why we build consumer products, why it happens in the subsidiary and why they cannot micro-manage this work. It is equally important that Mozilla Corporation Board members understand why we engage in the open internet activities of the Mozilla Foundation and why we seek to develop complementary programs and shared goals.

What are we looking for?

Last time we opened our call for board members, we created a visual role description. Below is an updated version reflecting the current needs for our Mozilla Foundation Board.

Here is the full job description: https://mzl.la/MoFoBoardJD

Here is a short explanation of how to read this visual:

In the vertical columns, we have the particular skills and expertise that we are looking for right now. We expect new board members to have at least one of these skills.
The horizontal lines speaks to things that every board member should have. For instance, to be a board member, you should have to have some cultural sense of Mozilla. They are a set of things that are important for every candidate. In addition, there is a set of things that are important for the board as a whole. For instance, international experience. The board makeup overall should cover these areas.
The horizontal lines will not change too much over time, whereas the vertical lines will change, depending on who joins the Board and who leaves.

Finding the right people who match these criteria and who have the skills we need takes time. We hope to have extensive discussions with a wide range of people. Board candidates will meet the existing board members, members of the management team, individual contributors and volunteers. We see this as a good way to get to know how someone thinks and works within the framework of the Mozilla mission. It also helps us feel comfortable including someone at this senior level of stewardship.

We want your suggestions

We are hoping to add three new members to the Mozilla Foundation Board of Directors over the next 18 months. If you have candidates that you believe would be good board members, send them to msurman@mozillafoundation.org. We will use real discretion with the names you send us.

Mozilla and the Contract for the Web

November 30, 2019 • Contract, Mozilla

Mozilla supports the Contract for the Web and the vision of the world it seeks to create. We participated in helping develop the content of the principles in the Contract. The result is language very much aligned with Mozilla, and including words that in many cases echo our Manifesto. Mozilla works to build momentum behind these ideas, as well as building products and programs that help make them real.

At the same time, we would like to see a clear method for accountability as part of the signatory process, particularly since some of the big tech platforms are high profile signatories. This gives more power to the commitment made by signatories to uphold the Contract about privacy, trust and ensuring the web supports the best in humanity.

We decided not to sign the Contract but would consider doing so if stronger accountability measures are added. In the meantime, we continue Mozilla’s work, which remains strongly aligned with the substance of the Contract.

Mozilla begins charging for services – starting with Firefox premium support for enterprises

September 14, 2019 • begins, Mozilla

Mozilla’s foray into paid services is finally kicking off for real.

The Firefox maker is rolling out a new offer for organizations that run the browser in enterprise environments with a premium support plan.

Costing $10 per supported installation, Firefox Premium Support will provide several benefits, including capabilities to submit bugs privately, get critical security bug fixes, and even contribute to the browser and its roadmap, as noted by Ghacks.

This will the company’s first paid-for product, and it’s aimed squarely at businesses.

Mozilla has been ramping up its paid efforts in the recent months since CEO Chris Beard confirmed the company’s plans for a premium version of Firefox. It briefly tested an ad-free news subscription service and it’s currently piloting a VPN for desktop users in the US.

Mozilla’s revenue is mostly from Google being the default search engine on Firefox, but it’s crucial that the company looks beyond the search giant as it positions itself as a purveyor of privacy-centric tools and products.

Mozilla Mixed Reality

July 29, 2019 • Mixed, Mozilla

Virtual Reality

New

A new browser for Virtual Reality.

Learn More

Build VR with A-Frame

Create virtual reality experiences for the browser with A-Frame. This Mozilla-supported framework is powerful, open source, and is easy to learn.


<html>
  <head>
    <meta charset="utf-8">
    <script src="https://aframe.io/releases/0.8.0/aframe.min.js">script>
  head>
  <body>
    <a-scene>
      <a-box position="-1 0.5 -3" rotation="0 45 0" color="#4CC3D9">a-box>
      <a-sphere position="0 1.25 -5" radius="1.25" color="#EF2D5E">a-sphere>
      <a-cylinder position="1 0.75 -3" radius="0.5" height="1.5" color="#FFC65D">a-cylinder>
      <a-plane position="0 0 -4" rotation="-90 0 0" width="4" height="4" color="#7BC8A4">a-plane>
      <a-sky color="#BBBBBB">a-sky>
    a-scene>
  body>
html>

;

How to Experience VR

Experience WebVR on your phone, computer or headset.

supported devices

watching VR

What’s Next?

Get the Mozilla Labs newsletter for updates on our latest tech and product innovations.

Thanks!

If you haven’t previously confirmed a subscription to a Mozilla-related newsletter you may have to do so. Please check your inbox or your spam filter for an email from us.

additional link

Tutorials & Resources

Browser and devices

compatibility supportwebvr.rocks

Mozilla Mixed Reality Logo

Our mission is to keep the Internet open to innovators, creators, and builders on the Web. Virtual Reality is set to change the future of Web interaction. The ability for anyone to access and enjoy VR experiences is critical. This is why Mozilla set out to bring virtual reality to Web browsers, and why we are enabling WebVR in Firefox.