This is good news:
Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site.
But the move is not without controversy. Last year, an internet industry group branded Mozilla an "internet villain" for pressing ahead the security feature. The trade group claimed it would make it harder to spot terrorist materials and child abuse imagery. But even some in the security community are split, amid warnings that it could make incident response and malware detection more difficult.
The move to enable DoH by default will no doubt face resistance, but browser makers have argued it's not a technology that browser makers have shied away from. Firefox became the first browser to implement DoH -- with others, like Chrome, Edge, and Opera -- quickly following suit.
I think DoH is a great idea, and long overdue.
Mozilla is intensifying the efforts to protect its users, in the last couple of weeks, the security staff has banned 200 malicious Firefox add-ons.
Over the past two weeks, Mozilla has reviewed and banned 197 Firefox add-ons because they were executing malicious code. The malicious Firefox add-ons were found stealing user data and for this reason, they were removed from the Mozilla Add-on (AMO) portal.
Mozilla also disabled the malicious add-ons in the browsers of the users who have already installed them.
The apps were using obfuscation to hide their source code and were downloading and executing code from a remote server, a behavior that violates the policy of the portal. Downloading code from a remote server could allow threat actors to execute malicious code within the browser
Most of the banned apps have been developed by 2Ring, a provider of B2B software.
The organization also banned for malicious behavior other 30 add-ons.
Firefox also reported the case of an add-on named Fake Youtube Downloader was spotted attempting to install a malware in users’ browsers.
Mozilla also banned Firefox Add-ons like
The post Mozilla banned hundreds of malicious Firefox add-ons over the last weeks appeared first on Security Affairs.
A Firefox browser vulnerability that could allow attackers to take control of computers is being exploited in the wild.
Make sure you are running the very latest version of Firefox.