Firefox 26 blocks Java plugins by default
Posted on 11 December 2013.
Mozilla has released Firefox 26, which includes five critical, three high, three moderate, and three low security updates.

All Java plug-ins now default to 'click to play', which is a welcome security addition.

Benjamin Smedberg, Engineering Manager, Stability and Plugins at Mozilla, commented: "When Mozilla conducted a user research study on the prototype implementation of click-to-play plugins earlier this year, we discovered that many users did not understand what a plugin was. Participants were confused or annoyed by the experience, especially having to enable plugins on the same site repeatedly. We redesigned the click-to-play feature to focus on enabling plugins per-site, rather than enabling individual plugin instances on the page."

The password manager now supports script-generated password fields, and Windows users without write permissions to the Firefox install directory can now perform updates (requires Mozilla Maintenance Service).

Here's a complete list of security fixes:
  • Mis-issued ANSSI/DCSSI certificate
  • JPEG information leak
  • GetElementIC typed array stubs can be generated outside observed typesets
  • Use-after-free in synthetic mouse movement
  • Trust settings for built-in roots ignored during EV certificate validation
  • Linux clipboard information disclosure through selection paste
  • Segmentation violation when replacing ordered list elements
  • Potential overflow in JavaScript binary search algorithms
  • Use-after-free during Table Editing
  • Use-after-free in event listeners
  • Sandbox restrictions not applied to nested object elements
  • Character encoding cross-origin XSS attack
  • Application Installation doorhanger persists on navigation
  • Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

