Firefox 76 Now Available on Mac With Improved Password Management Features

Mozilla today released the latest version of its Firefox browser, Firefox 76, which includes password management updates, picture-in-picture support, better Zoom integration, and more.


The new Firefox update includes improvements for Firefox Lockwise, which offers built-in password management features much like Safari to protect saved passwords.

Firefox Lockwise will require a device’s account password before allowing a saved password to be copied, and it will let users know if a website breach has occurred that compromises a login and password.

It also provides an alert for vulnerable passwords, which are passwords used for more than one site. The password generating feature that creates random passwords has also been rolled out to more sites.

The update includes picture-in-picture functionality, allowing users to watch video in a small window even when browsing other sites, and it supports Audio Worklets, so Firefox users can join Zoom calls in the Firefox browser without the need for additional downloads.

Firefox 76 is available as of today and can be downloaded from the Firefox website. Current Firefox users can upgrade from within the browser.

Top Stories

Jon Prosser: Apple to Announce 13-Inch MacBook Pro Refresh Today

Apple today will announce a refresh of the 13-inch MacBook Pro, according to Jon Prosser of the YouTube channel Front Page Tech. Rumors have suggested that the new model could be a 14-inch MacBook Pro with slightly slimmer bezels around the display, in line with the 16-inch MacBook Pro replacing the 15-inch model last year.
The new 13-inch or 14-inch MacBook Pro is also expected to feature…

iPhone 12 Lineup With OLED Displays Predicted to Start at $649, Breaking the $999 Barrier

Apple has never sold a new iPhone with an OLED display for under $999, but with the iPhone 12 lineup expected to include a wider range of models, that could soon change.
iPhone 12 pricing could start at $649 this year, according to Jon Prosser of the YouTube channel Front Page Tech. Prosser says this information comes from his same source who accurately revealed the new iPhone SE’s launch…

Apple Watch ECG Helps Detect Case of Coronary Ischemia Missed by Hospital ECG

The single-lead ECG function on Apple Watch isn’t meant to be as informative or as sensitive as the multi-lead ECGs you might get in a doctor’s office or hospital, which use several points of contact. However, a new article in The European Heart Journal tells the story of an 80-year-old woman whose Apple Watch detected evidence of a heart condition that was missed by a hospital ECG (via 9to5Mac).

RIP Butterfly Keyboard: Apple Finally Completes Transition to Magic Keyboard

After years of complaints over sticky or unresponsive keys, Apple has finally finished transitioning its notebook lineup away from its issue-prone butterfly keyboard.
With the new 13-inch MacBook Pro featuring the same scissor switch Magic Keyboard as the 16-inch MacBook Pro, Apple no longer sells any new MacBook Pro or MacBook Air models with a butterfly keyboard. If you are browsing Apple’s…

App Recap: Views 4, CleanMyMac X, MacTracker and Major App Updates

In this week’s App Recap, we’ve highlighted two new apps that are worth checking out. We’ve also compiled a list of apps that received major updates this week.
New Apps Views 4 ($4.99) – Views 4 is a news and podcasts app that presents content tailored to the interests of the user. Upon downloading the app, users are presented with a series of screens that allow for the selection of…

Apple iMessage Patent Describes the Ability to Edit Already Sent Texts

The U.S. Patent and Trademark Office this week published a new Apple patent application that details features for editing sent messages, an improved application launcher and many other possible features. (via AppleInsider)
The patent application specifically describes features of “a messaging user interface of a message application” that are not currently in iOS. These include ways to easily …

Camera Comparison: 2020 iPhone SE vs. iPhone 8 and iPhone 11 Pro

Apple last week launched its new 2020 iPhone SE, a low-cost $399 smartphone that features iPhone 8 components upgraded with the same A13 chip available in Apple’s flagship iPhones. We did a full hands-on video back on Friday, but we took the weekend to see how the iPhone SE’s camera measures up to the iPhone 8 and iPhone 11 Pro.
Subscribe to the MacRumors YouTube channel for more videos. …

Apple CEO Tim Cook on New Products: ‘We Have Our Head Down and Are Working’

During today’s earnings call covering the second fiscal quarter of 2020, Apple CEO Tim Cook provided some insight on what we can expect from Apple in terms of new products during the global health crisis. A mockup of an iPhone 12 with smaller notch Cook said that Apple is continuing to operate, and that Apple employees are getting used to working from home. “In some areas of the company, some …

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

3 Ways To “Fix Network Protocol Error” Mozilla Firefox (2020) – 10 minute mail

Mozilla Firefox, also known as Firefox, is a web browser. It is compatible with a number of operating systems such as Android, Windows, Linux, iOS, FreeBSD, OpenBSD, NetBSD, illumos, and Solaris Unix. While using this web browser, you might come across an error known as ‘Network Protocol Error’ on Firefox. Once you encounter this error, you cannot use Firefox without fixing it. Below, we have discussed this error and some methods, using which you can fix the ‘Network Protocol Error’ on your Firefox web browser.

Fix Network Protocol Error on Mozilla Firefox
Fix Network Protocol Error on Mozilla Firefox | itechhacks

What is Network Protocol Error?


This error occurs due to the accumulation of cache memory of your Mozilla Firefox web browser.

What is Network Protocol Error on Mozilla Firefox - itechhacks
What is Network Protocol Error on Mozilla Firefox

Some users might notice ‘Corrupted Content Error‘ this message instead of ‘Network Protocol Error’ on your Firefox browser. However, both these errors are caused due to the same issue and can be fixed using similar methods.

READ MORE: How To Fix “Unfortunately TouchWiz has stopped” Error


Method 1: Reload your Webpage.

Before making any advanced changes in your browser, try solving this error by reloading your Webpage, while bypassing the cache.

You can do this by using the ‘Ctrl + F5‘ or ‘Ctrl + Shift + R‘ keys. In doing so, your webpage will be refreshed from the server and the ‘Network Protocol Error’ should be fixed.

If the error is not fixed by using this method, go ahead with the method listed below.

Method 2: Clear Firefox cache memory.

To clear the cache memory of your Firefox web browser, follow the steps listed below.

Step 1- In your Firefox web browser, go to the Preferences window.

or You can enter about:preferences#privacy in the URL bar.

How To Fix Network Protocol Error on Mozilla Firefox

Step 2- Here, open the Privacy & Security tab from the options available on the left of this window.

Step 3- You will find a ‘Clear Data‘ option in the ‘Cookies and Site Data‘ section. Click on it.How To Fix Network Protocol Error on Mozilla Firefox

Step 4- A pop-up will appear on your screen, with two options. Namely, ‘Cookies and Site Data‘ and ‘Cached Web Content‘. Select both these options and click on the ‘Clear‘ option.

Step 5- Now, close your Firefox web browser and restart it on your device.Fix Network Protocol Error itechhacks

Note: Once you clear all the cookies and site data, you might get signed out of all the websites you are logged in through Firefox. However, you can easily log in to those websites via Firefox, as the ‘Network Protocol Error’ will be fixed.

READ MORE: How To Fix Windows 10 Taskbar Not Working

Conclusion:

This is all you need to know about the Network Protocol Error of Mozilla Firefox, and how you can fix it by following some simple steps. If you know of any better method to fix the ‘Network Protocol Error‘ on Mozilla Firefox, then please let us know about it in the comments section below.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Karim Rahal: Security Features of Firefox – 10 minute mail

Karim Rahal, Disposable mail Crowdsource hacker, is a 17-year-old web-hacker who has been hacking for the greater part of his teenager years. At age 13, he started to responsibly disclose vulnerabilities—and he even blogged about one he found in Spotify! Karim still makes time for bug bounty programs, despite school.

We asked Karim to tell us why Firefox is the best choice from a white hat hacker’s point-of-view. In this blog he looks at a containers extension, research on tracker protection, and breach alert system. Here are the 3 browser features that are important to anyone concerned about privacy and security:

Karim tells us why he choose firefox


Browsers, being in the background—or foreground, actually—of every Internet activity, ought to be secure. They carry every piece of information we transmit over the web. And, in the market of desktop browsers, one security-driven
transmitter dominates: Mozilla Firefox. Still, how can Firefox be helpful to those cautious of security and privacy issues? To determine that, we must look at which of its security features can be useful.

A containers extension that minimizes exploits

The Firefox Multi-Account Containers extension lets you carve out a separate box for each of your online lives. In other words, you can create containers and assign tabs to them. The containers can’t communicate browser data to each other and are isolated.

The extension gives some much-needed privacy. Identity-based tracking (mostly done by social media companies) is restricted. With a container that isn’t logged into Google, the company has a harder time linking your searches to your Google account. In addition, advertisers are limited in their ability to follow you around. Your cookies don’t translate from one container to another. 

To illustrate, here is the same website in two different containers:

But Firefox Multi-Account Containers doesn’t only cage containers to keep them from tracking you. It also adds a layer of security over them. 

To understand how it does that, we must consider default browser behavior. Normally, browsers deal with cookie transmission in a straight-forward manner. When a website is requested, its cookies are sent in the HTTP request.

However, with the extension, there’s a catch: Firefox can’t forward cookies between containers. Each container is like its own browser, only seeing the cookies it has. Thus, some attack vectors are minimized/invalidated: CSRF, CORS misconfiguration, clickjacking, and many [2].

CSRF (cross-site request forgery) is a vulnerability that exploits default cookie transmission. Precisely, it is where an attacker sends HTTP requests on your behalf through a crafted webpage. Websites protect against this by checking for a unique token in the submitted request (one that isn’t just in the browser cookies). Yet, in many cases, websites don’t implement the check, or don’t have it for all necessary endpoints. 

Still, Firefox Multi-Account Containers allows you to disconnect the components necessary for this attack. The vulnerable website can be authenticated in a container different than the attacker’s webpage. With that set-up, the malicious actor can only send requests to an unauthenticated version of the targeted site.

Like CSRF, a misconfigured Access-Control-Allow-Origin header exploit also depends on cookie transfer. In short, the CORS (cross-origin resource sharing) response header tells the browser which origin should have access to a resource. In some cases, it can be poorly implemented, enabling an unintended and potentially malicious origin to view the resource. 

However, provided that the authenticated website instance and the attack website are in separate containers, the exploit is ineffective (in the same way as CSRF).

Please keep in mind that some edge-cases do exist to this container-dependent security. In particular, the defense is ineffective if the malicious site appears in the same container as the website it targets. The scenario is plausible since redirects inherit the container of the referrer site. 

The extension is available on Firefox’s add-on store. Upon configuration, it is recommended to have something similar to the following:

Be careful of enabling the “Always open in X” feature. It automatically forces the website to open in a single container. In attacks like GET-based CSRF, this behavior can redirect the exploit to the sensitive container.

Even in the unlikely event that the “Always open in X” feature does add some security benefit, it can be bypassed. Its URL matching is very conservative. If you enable the option for https://example.com, it will not be on for the subdomains, including https://www.example.com.

It is worth noting that, if you don’t specify a container, a default one spawns. Whenever you go to visit a website, hold the “new tab” button ( + ) to choose the appropriate container:

Enhanced Tracking Protection – does it work?

The browser also has a solution against trackers: Firefox Enhanced Tracking Protection.

According to Disconnect (the company which provides Firefox with a trackers blacklist), a tracker is a service that logs and stores data on a user’s activity [3].

Generally, advertisers and social media organizations embed cookies into websites to track your behavior online. In addition, they can use necessary information shared by your browser (such as your user-agent) to create a digital fingerprint of you.

To combat that, Firefox has implemented built-in protection. By default, it blocks known trackers (and ads) in private windows and third-party tracking cookies along with crypto-miners in all windows. In addition, to shield your normal browsing, Firefox allows you to set your content blocking to strict, stopping trackers, third-party cookies, crypto-miners, and finger-printers.

In 2017, a Mozilla study tested the feature against Alexa’s top 200 news sites. It found that “Tracking Protection blocks at least one unsafe element on 99% of the sites tested … 11 tracking elements in 50% of the sites and, in an extreme case, 150 tracking elements”[4]. However, these numbers don’t represent the actual number of trackers on the websites. Tracking scripts, when not blocked, usually unfold their own set of scripts, just like Russian dolls.

Testing tracking protection with my own study

To measure the true amount of tracking activity on Alexa’s top 200 news sites, I ran my own study[5]. First, I collected requests from each website for 2 minutes. Then, I ran the collected links against Firefox’s block-list. The following results were obtained:

  • 95% of the sites sent at-least 10 tracker requests
  • 50% sent at-least 242 (206 unique)
  • 30% sent at-least 477 (408 unique)
  • The biggest offender was an American daily newspaper with 6539 (2884 unique) requests!

I also tested for finger-printers and crypto-miners. Fortunately, none of the sites contained crypto-miners.

  • of the sites sent at-least 8 (7 unique) finger-printer requests
  • 30% sent at-least 27 (26 unique)
  • Again, the same American newspaper took the lead with 446 (197 unique) requests.

Could I get pwned?

By sheer numbers, though, trackers aren’t the worst threat. On Have I Been Pwned, 8.2 billion records of breached accounts exist[6]. That is, companies were hacked, and your data got leaked.

Nevertheless, Firefox is trying to minimize the issue. Using the Have I Been Pwned API, the browser has made a breach alert system: Firefox Monitor. When you visit a previously compromised website, it informs you:

The feature can also notify you of any future breaches. By giving Firefox Monitor your email, you can be sure to know when your information gets exposed. Also, Firefox is planning to check the credentials in its password manager, Firefox Lockwise.

Such features are of great benefit to those who re-use passwords. However, it is highly recommend to use a password manager and not to re-use passwords. Playing cat-and-mouse with hackers isn’t ideal.  

Conclusion

Undoubtedly, Mozilla Firefox boasts an impressive set of features. Firefox Multi-Account Containers separates your online life. The Enhanced Tracking Protection helps you against trackers. And, finally, Firefox Monitor keeps your credentials in check. Firefox can be a valuable addition to your security hygiene.

While these features are helpful, you have to take part in ensuring your security.

Regardless of what browser you use, some security practices should be followed:

  • Always update your services.
  • Use a password manager.
  • Enable two-factor authentication (2FA).
  • Be vigilant (don’t click random links, watch out for phishing attempts, etc.).

Notable Firefox Add-ons

  • To dynamically block trackers (on top of Firefox’s list): Privacy Badger
  • To force HTTPS on all websites: HTTPS Everywhere
  • To block JavaScript and shield from XSS (cross-site scripting): NoScript

References

[1]: https://github.com/mozilla/multi-account-containers/blob/master/README.md
[2]: https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
[3]: https://disconnect.me/trackerprotection
[4]: https://blog.mozilla.org/firefox/files/2017/09/tracking-protection-test.pdf
[6]: https://haveibeenpwned.com

Notes [5]:

I ran the study using the Puppeteer library. 

The static 2 minute wait started after the website was ready and sent no requests for 500 ms—requests made before the wait were still collected.

To verify that the websites didn’t block my experiment, I took screenshots. Two websites did consistently block my attempts and were thus excluded from the study: www.bloomberg.com and www.fark.com.

I made sure to account for the Firefox whitelist. In addition, I filtered out requests sent to the same origin.

A few false-positives may exist because the Firefox blacklist contains the tracker hosts without specific directories.

For those interested, my list of collected URLs (from the first step) can be found here. To get the Firefox blacklists and whitelists, run shavar-list-creation with the production configuration and then parse the log files. Trackers are found in the following lists: social-track-digest256, ads-track-digest256, content-track-digest256, analytics-track-digest256, and base-track-digest256. The whitelisted tracker entities are in mozstd-trackwhite-digest256, finger-printers are in base-fingerprinting-track-digest256, and cryptominers are in base-cryptomining-track-digest256.


Written by:

Karim Rahal
Bug Bounty Hunter

Twitter: @karimpwnz
Blog: https://karimrahal.com/

 

At Disposable mail we collaborate with white hat hackers like Karim to crowdsource security research from the forefront of the industry, so you can check for the latest common vulnerabilities and exploits. Our testbed has 1500+ security modules including the OWASP Top 10, cors misconfigurations and even stateless tests submitted by the Disposable mail Crowdsource community. Sign up today for a 14-day free trial.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.