-
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor.
- December 16, 2025
- 05:17 PM
2
-
Mozilla Firefox gets new anti-fingerprinting defenses
Mozilla announced a major privacy upgrade in Firefox 145 that reduces even more the number of users vulnerable to digital fingerprinting.
- November 10, 2025
- 05:25 PM
6
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Mozilla: New Firefox extensions must disclose data collection practices
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties.
- October 24, 2025
- 09:17 AM
- 1
-
Mozilla now lets Firefox add-on devs roll back bad updates
Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues.
- September 22, 2025
- 11:53 AM
- 0
-
Wave of 150 crypto-draining extensions hits Firefox add-on store
A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims.
- August 07, 2025
- 10:00 AM
- 0
-
Dozens of fake wallet add-ons flood Firefox store to drain crypto
More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data.
- July 02, 2025
- 09:16 AM
- 0
-
Mozilla launches new system to detect Firefox crypto drainer add-ons
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets.
- June 03, 2025
- 10:29 AM
- 3
-
Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs
Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs.
- May 29, 2025
- 07:58 PM
- 0
-
Mozilla fixes Firefox zero-days exploited at hacking contest
Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition.
- May 19, 2025
- 10:10 AM
- 1
-
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.
- May 16, 2025
- 11:23 AM
- 0
-
Mozilla warns Windows users of critical Firefox sandbox escape flaw
Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems.
- March 27, 2025
- 10:48 AM
- 0
-
Mozilla warns users to update Firefox before certificate expires
Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates.
- March 12, 2025
- 11:01 AM
- 0
-
Firefox continues Manifest V2 support as Chrome disables MV2 ad-blockers
Mozilla has renewed its promise to continue supporting Manifest V2 extensions alongside Manifest V3, giving users the freedom to use the extensions they want in their browser.
- February 25, 2025
- 03:28 PM
- 0
-
Malicious Browser Extensions are the Next Frontier for Identity Attacks
A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit.
- January 07, 2025
- 10:02 AM
- 0
-
Firefox and Windows zero-days exploited by Russian RomCom hackers
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America.
- November 26, 2024
- 07:13 AM
- 3
-
SolarWinds Web Help Desk flaw is now exploited in attacks
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024.
- October 16, 2024
- 03:53 PM
- 0
-
Mozilla fixes Firefox zero-day actively exploited in attacks
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks.
- October 09, 2024
- 01:34 PM
- 1
-
Mozilla accused of tracking users in Firefox without consent
European digital rights group NOYB (None Of Your Business) has filed a privacy complaint with the Austrian data protection watchdog (DSB) against Mozilla, alleging the company uses a Firefox privacy feature (enabled without consent) to track users' online behavior.
- September 25, 2024
- 03:40 PM
- 9
-
18-year-old security flaw in Firefox and Chrome exploited in attacks
A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network.
- August 08, 2024
- 12:28 PM
- 3
-
Mozilla Firefox can now secure access to passwords with device credentials
Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics
- June 14, 2024
- 04:19 PM
- 3
