Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: July 22, 2014

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code.

The following updates are available:

  • Firefox 31
  • Thunderbird 31
  • Firefox ESR 24.7
  • Thunderbird 24.7

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird to determine which updates should be applied.


This product is provided subject to this Notification and this Privacy & Use policy.


Tor developers vow to fix bug that can uncloak users

Developers of the Tor privacy service say they're close to fixing a weakness that researchers for an abruptly canceled conference presentation said provides a low-cost way for adversaries to deanonymize hundreds of thousands of users.

The talk previously scheduled for next month's Black Hat security conference in Las Vegas was titled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget." The abstract said that the hack cost less than $3,000 and could uncloak hundreds of thousands of users. On Monday, Black Hat organizers said the presentation was canceled at the request of attorneys from Carnegie Mellon University (CMU), where the researchers were employed, as well as the Software Engineering Institute (SEI). The attorneys said only that the materials to be presented "have not yet been approved by CMU/SEI for public release." Researchers Alexander Volynkin and Michael McCord have yet to explain why their talk was pulled.

Tor officials responded by saying that they're working on an update for individual Tor relay nodes that will close the unspecified security hole.

Read 6 remaining paragraphs | Comments

CPNI Releases Paper on Improving Defenses Against Targeted Attack

Original release date: July 22, 2014

The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has released a report on its “Improving Defenses Against Targeted Attack" (iDATA) cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by nation states and state-sponsored actors. CPNI is the government authority for providing protective security advice to businesses and organizations across the UK’s national infrastructure.

 

 


This product is provided subject to this Notification and this Privacy & Use policy.