Mozilla Releases Security Updates for Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime

Original release date: June 13, 2014

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code, cause a denial of service, or conduct clickjacking attacks.

The following updates are available:

  • Firefox 30
  • Firefox ESR 24.6
  • Thunderbird 24.6
  • Netscape Portable Runtime 4.10.6

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.

P.F. Chang’s turns to vintage 1970s tech after credit card breach

The carbon copy is yours to keep, madam.

US restaurant chain P.F. Chang's China Bistro plans to temporarily bring back manual credit card imprinting while it investigates a security breach that allowed hackers to steal customer payment card data from multiple stores.

The old-school manual system has already been spotted by people affiliated with Sans, a computer security training institute. Readers may remember the system from decades ago, when eight-track tapes and, later, Betamax video, were still the rage. P.F. Chang's servers will be retaining carbon copies of the transactions, according to KrebsOnSecurity reporter Brian Krebs, who first reported the breach three days ago after finding that thousands of newly stolen credit and debit cards for sale in underground forums were all used at the chain.

"At P.F. Chang's, the safety and security of our guests' payment information is a top priority," a statement posted on the chain's website stated. "Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues."

Read 3 remaining paragraphs | Comments

Tapped in: How your phone gives you up to companies and criminals

A lot has been done to secure major Web services and Internet applications, particularly on the PC. But one of the lessons learned from our collaboration with NPR and Pwnie Express was that for every data leak that has been plugged by the major websites, another springs up on mobile. And mobile devices are the ones that face the greatest risk of surveillance and attack—not so much from the National Security Agency, but from companies and criminals looking to track and target individuals on a smaller scale.

Public Wi-Fi has become an integral part of how mobile devices’ apps work. Apple and Google have both configured their mobile services to leverage Wi-Fi networks to improve their location services, and mobile and broadband companies offer public (and unencrypted) Wi-Fi networks to either offload users from their cellular data networks or extend the reach of their wired network services. Comcast, for example, has been expanding its Xfinity broadband networks by turning access points at homes and businesses into public Wi-Fi hotspots for subscriber access.

That’s great for customers’ convenience, but it also opens up a potential vector of attack for anyone who wants to get in the middle of broadband users’ Internet conversations. We demonstrated one potential Wi-Fi threat during our testing—using a rogue wireless access point broadcasting the network ID (SSID) “attwifi” prompted AT&T iPhones and Android devices with default settings to automatically connect to them.

Read 11 remaining paragraphs | Comments