A critical Remote Code Execution (RCE) vulnerability has been unearthed within SpiderMonkey, the JavaScript engine powering Mozilla Firefox. The provenance of this defect is almost farcical: a single-character typographical error within the WebAssembly garbage...
DumpBrowserSecrets Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi)....
Estonian security researcher Lira Rebane has unveiled an unconventional clickjacking technique that hinges on a fusion of SVG graphics and cascading style sheets. Her talk at BSides Tallinn in October passed largely unnoticed by...
Mozilla has issued a stark warning to Firefox extension developers regarding a new phishing campaign targeting their accounts on the official AMO platform (addons.mozilla.org). This ecosystem encompasses over 60,000 extensions and more than half...
On July 22, 2025, Mozilla unveiled the Firefox 141 update, a release focused on enhancing browser security. According to security bulletin MFSA 2025-56, the update addresses 18 vulnerabilities, including flaws in the JavaScript engine,...
During the Pwn2Own Berlin 2025 competition, security researcher Manfred Paul successfully demonstrated an attack against the Mozilla Firefox browser’s rendering process by exploiting a vulnerability in the IonMonkey JIT compiler. Although he did not...
Experts at Koi Security have identified over 40 malicious extensions for the Mozilla Firefox browser, specifically crafted to steal data from cryptocurrency wallets. These add-ons pose a significant threat to the security of users’...
In Windows 11, Microsoft redesigned the app store, and at the same time, Microsoft also updated the developer policy of the app store to remove many restrictions. The new Windows 11 application store now...