The "exposing information about..." bit in the Mozilla statement is fingerprinting/privacy argument like WebKit's
Removed MNG and started work on APNG 20 years ago! https://bugzilla.mozilla.org/show_bug.cgi?id=257197
It supports JavaScript when used as a document, but when used as an "image" by a browser (IMG tag, CSS features) JavaScript and the loading of external resources are disabled.
The capabilities are already expanded in most common implementations. This update is largely blessing those features as officially "standard".
It's not a "goal", it's a requirement (right there in the name!). Failing to comply to a government requirement subjects you to the associated penalties. They haven't said which requirement (we assume it's Russia…
Tails has updated their advisory to remove that statement: https://tails.boum.org/security/prototype_pollution/index.en...
We are not aware of any such thing. As rebelwebmaster noted, when we know that we put it in our advisory. Clearly the vulnerabilities are exploitable as demonstrated by Manfred Paul's winning Pwn2Own entry. The details…
Did the execs get raises after the layoffs? About half the ones that were at Mozilla at that time are gone now.
Or you just turn it off in the normal preference UI and trust that California's AG will sue Mozilla into oblivion if they weren't honoring the CCPA. https://blog.mozilla.org/netpolicy/2019/12/31/bringing-calif...
Those are in no way substitutes for each other -- you have to do both. People are not able to self-report accurate measurement data, and telemetry data can't tell you anything about what a person wants or why they do…
How to know when unrelated domains are actually part of the same site is a hard problem. The Public-suffix List approach works okay-ish for cookies, but no one's really happy enough with it to trust for riskier…
Are you using an Extended Support Release (ESR)? That's expected then.
Mozilla has never sponsored the Pwn2Own contest.
You can't compare counts of published vulnerabilities when organizations have vastly different standards of publication. Open source projects (e.g. Firefox, chromium) publish everything, even internally found flaws.…
The target is not illegal malware which, as you say, would do anything. But there's a vast amount of detrimental foistware doing malicious things (e.g. injecting ads, tracking) under legal cover because the user…
zing!
39.0.1 and 39.0.2 fixed serious regressions in Firefox for Android in some configurations. They weren't security fixes.
The "exposing information about..." bit in the Mozilla statement is fingerprinting/privacy argument like WebKit's
Removed MNG and started work on APNG 20 years ago! https://bugzilla.mozilla.org/show_bug.cgi?id=257197
It supports JavaScript when used as a document, but when used as an "image" by a browser (IMG tag, CSS features) JavaScript and the loading of external resources are disabled.
The capabilities are already expanded in most common implementations. This update is largely blessing those features as officially "standard".
It's not a "goal", it's a requirement (right there in the name!). Failing to comply to a government requirement subjects you to the associated penalties. They haven't said which requirement (we assume it's Russia…
Tails has updated their advisory to remove that statement: https://tails.boum.org/security/prototype_pollution/index.en...
We are not aware of any such thing. As rebelwebmaster noted, when we know that we put it in our advisory. Clearly the vulnerabilities are exploitable as demonstrated by Manfred Paul's winning Pwn2Own entry. The details…
Did the execs get raises after the layoffs? About half the ones that were at Mozilla at that time are gone now.
Or you just turn it off in the normal preference UI and trust that California's AG will sue Mozilla into oblivion if they weren't honoring the CCPA. https://blog.mozilla.org/netpolicy/2019/12/31/bringing-calif...
Those are in no way substitutes for each other -- you have to do both. People are not able to self-report accurate measurement data, and telemetry data can't tell you anything about what a person wants or why they do…
How to know when unrelated domains are actually part of the same site is a hard problem. The Public-suffix List approach works okay-ish for cookies, but no one's really happy enough with it to trust for riskier…
Are you using an Extended Support Release (ESR)? That's expected then.
Mozilla has never sponsored the Pwn2Own contest.
You can't compare counts of published vulnerabilities when organizations have vastly different standards of publication. Open source projects (e.g. Firefox, chromium) publish everything, even internally found flaws.…
The target is not illegal malware which, as you say, would do anything. But there's a vast amount of detrimental foistware doing malicious things (e.g. injecting ads, tracking) under legal cover because the user…
zing!
39.0.1 and 39.0.2 fixed serious regressions in Firefox for Android in some configurations. They weren't security fixes.