Security

GCHQ Has Disclosed Over 20 Vulnerabilities This Year (vice.com) 29

Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Capitan v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.
Microsoft

Microsoft Limits Cortana Search Box In Windows 10 To Bing and Edge Only (venturebeat.com) 361

An anonymous reader quotes a report from VentureBeat: Microsoft has announced a big change for how the Cortana search box in Windows 10 will work going forward: all searches will be powered by Bing and all links will open with the Edge browser. This is a server-side change going into effect today. Once it takes effect on your Windows 10 computer, Cortana will no longer be able to serve up results from third-party search providers, like Google or Yahoo, nor take you to a third-party browser, such as Google Chrome or Mozilla Firefox. Ryan Gavin, Microsoft's general manager of search and Cortana, said in a Windows blog post announcing the change, "Unfortunately, as Windows 10 has grown in adoption and usage, we have seen some software programs circumvent the design of Windows 10 and redirect you to search providers that were not designed to work with Cortana. The result is a compromised experience that is less reliable and predictable. The continuity of these types of task completion scenarios is disrupted if Cortana can't depend on Bing as the search provider and Microsoft Edge as the browser. The only way we can confidently deliver this personalized, end-to-end search experience is through the integration of Cortana, Microsoft Edge and Bing -- all designed to do more for you."
Mozilla

Mozilla Seeks New Home For Email Client Thunderbird 294

Reader chefmonkey writes: In a report commissioned by Mozilla to explore the next home for Thunderbird, two potential new hosts have been offered: the Software Freedom Conservancy (host to git, boost, QEMU, and a host of other projects) and The Document Foundation (home of LibreOffice). At the same time, the report discusses completely uncoupling Thunderbird from the rest of the Mozilla codebase and bringing in a dedicated technical architect to chart the software's roadmap.

Given that the two named organizations are already on board with taking Thunderbird under their wing, is this a new lease on life for the email program Mozilla put out to pasture four years ago?
In December last year, Mozilla Foundation chairperson Mitchell Baker had argued that the organization should disentangle itself from the Thunderbird email client in order to focus on Firefox. It appears the Firefox-maker is all set to part ways with Thunderbird.
Security

Turns Out That Snaps Are Not Secure In Ubuntu With X11 (softpedia.com) 133

prisoninmate quotes a report from Softpedia: According to Matthew Garrett, a renowned CoreOS security developer, and Linux kernel contributor, Canonical's new snap package format is not secure at all when it is used under X.Org Server (X Window System), which, for now, is still the default display server of the Ubuntu 16.04 LTS (Xenial Xerus) operating system. The fact of the matter is that X11's old design is well-known for being insecure, and Matthew Garrett took the time to demonstrate this by writing a simple snap package that can steal data from any other X11 software, in this case anything you type on the Mozilla Firefox web browser. As more developers will provide snaps for their apps, Canonical needs to do something about the security of snaps in Ubuntu when using X11 or switch to the Mir display server. In the meantime, the security of snaps remains unaffected for the Ubuntu Server operating system, which is usually used without a display server. Canonical has officially released Ubuntu 16.04 LTS, which is now available to download for those interested.
Mozilla

Ubuntu 16.04 LTS Available To Download; Mozilla To Offer 0-Day Firefox Releases Via Snaps 74

Reader prisoninmate writes: The latest, and hopefully, the greatest version of Ubuntu is now available to download. On the sidelines, Mozilla today announced the availability of future releases of its popular Firefox web browser in the snap package format for Ubuntu 16.04 LTS. Earlier today, Canonical unleashed the final release of the highly anticipated Ubuntu 16.04 LTS (Xenial Xerus) operating system, bringing users a great set of new features and improvements. Also today, it looks like Canonical has renewed its partnership with Mozilla to offer Firefox as the default web browser on Ubuntu 16.04 LTS and upcoming releases of the Linux kernel-based operating systems. As part of the new partnership, Mozilla is committed to distributing future versions of Firefox as a snap package. Having Firefox distributed in the snap format means that you'll have 0-day releases in Ubuntu 16.04. Yes, just like Windows and Mac OS X, users are enjoying their 0-day releases of Mozilla Firefox and don't have to wait for package maintainers of a particular GNU/Linux distribution to update the software in the main repositories. For Mozilla, having Firefox as a snap package means that they'll be able to continually optimize it for Ubuntu.
Your Rights Online

In a First, Judge Throws Out Evidence Obtained from FBI Malware (vice.com) 158

An anonymous reader cites an article on Motherboard: For the first time, a judge has thrown out evidence obtained via a piece of FBI malware. The move comes from a case affected by the FBI's seizure of a dark web child pornography site in February 2015, and the subsequent deployment of a network investigative technique (NIT) -- the agency's term for a hacking tool -- in order to identify the site's visitors. "Based on the foregoing analysis, the Court concludes that the NIT warrant was issued without jurisdiction and thus was void ab initio," Judge William G. Young of the District of Massachusetts writes in an order. "It follows that the resulting search was conducted as though there were no warrant at all. Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded," it continues. Young's order came in response to a motion to suppress from the lawyers of Alex Levin, who was arrested as part of the investigation into the child pornography site Playpen. After seizing the site, the FBI ran Playpen from a government facility from February 20 to March 4, 2015, and used a NIT to obtain over a thousand IP addresses for US-based users of the site, and at least 3000 for users abroad, according to Motherboard's investigations.
Opera

Opera Adds Free VPN-Client With Unlimited Usage To Its Desktop Browser 101

On Thursday, Opera announced that it is adding a free built-in virtual private network (VPN) client to its desktop browser. The feature, which isn't available on other popular Web browsers, will allow users to hide their IP address, unblock firewalls and access region-locked content. It will also help users protect their personal information on public Wi-Fi networks as it offers 256-bit encryption. "Everyone deserves to be private online if they want to be," Krystian Kolondra, SVP at Opera told Slashdot in a statement. "By adding a free, unlimited VPN directly into the browser, no additional download or extensions from an unknown third-party provider are necessary."

The move comes a year after Opera acquired North American VPN company SurfEasy. Unlike Chrome and Firefox, which require you to use an additional third-party tool (such as an extension), Opera's VPN offering is baked in the browser. What's more, it is free and offers unlimited usage. The feature is available on Opera's Mac, Windows, and Linux clients.
Firefox

FBI May Be Hoarding a Firefox Zero-Day (softpedia.com) 99

An anonymous reader writes: Vice reported at the end of March that the FBI and the U.S. Department of Justice are fighting tooth and nail to keep a Tor Browser exploit hidden from the public eye. Computer experts were quick to point out that this Tor Browser exploit, technically speaking, is a Firefox exploit, since Tor's browser is based on Firefox's ESR platform. Taking into account that Firefox follows open-source philosophy and reveals all security flaws reported, the effort which the FBI puts into restricting access to its exploit leads to only one conclusion, and that is that the FBI is hoarding a Firefox zero-day, currently unpatched in the browser's core -- something it hopes to use once again.
Chrome

The Future of Firefox is Chrome (theregister.co.uk) 243

An anonymous reader writes: Mozilla seems to think a new future for Firefox [lies in Chrome]. While they claim that it is only about new ways of browser design, it is also an open secret that they are running into more and more problems lately with web compatibility. [Senior VP Mark Mayo caused a storm by revealing that the Firefox team is working on a next-generation browser that will run on the same technology as Google's Chrome browser. The project, named Tofino, will not use Firefox's core technology, Gecko, but will instead plumb for Electron, which is built on the technology behind Google's rival Chrome browser, called Chromium.] The benefit of Chromium/Electron would be that it is a solution they could pull much faster forward than their own Servo plans [Servo being Mozilla's Rust-based web engine]. What the real outcome of all this will be, only Mozilla knows so far. But inside Mozilla there is much resistance against such plans... Interesting times are ahead.
Security

Popular Firefox Add-Ons Open Millions To New Attack (slashgear.com) 54

An anonymous reader writes: Security researchers claim that NoScript and other popular Firefox add-on extensions are exposing millions of end users to a new type of vulnerability which, if exploited, can allow an attacker to execute malicious code and steal sensitive data. The vulnerability resides in the way Firefox extensions interact with each other. From a report on SlashGear, "The problem is that these extensions do not run sandboxed and are able to actually access data or functions from other extensions that are also enabled. This could mean, for example, that a malware masquerading as an add-on can access the functionality of one add-on to get access to system files or the ability of another add-on to redirect users to a certain web page, usually a phishing scam page. In the eyes of Mozilla's automated security checks, the devious add-on is blameless as it does nothing out of the ordinary." Firefox's VP of Product acknowledged the existence of the aforementioned vulnerability. "Because risks such as this one exist, we are evolving both our core product and our extensions platform to build in greater security. The new set of browser extension APIs that make up WebExtensions, which are available in Firefox today, are inherently more secure than traditional add-ons, and are not vulnerable to the particular attack outlined in the presentation at Black Hat Asia. As part of our electrolysis initiative -- our project to introduce multi-process architecture to Firefox later this year -- we will start to sandbox Firefox extensions so that they cannot share code."
Advertising

Microsoft Denies Edge Is Getting A Native Ad Blocker (venturebeat.com) 62

An anonymous reader quotes a report from VentureBeat: On top of the slew of news coming out of Microsoft's Build 2016 developer conference, a story broke yesterday that Microsoft was building an ad blocker into its Microsoft Edge browser. While this would be a big deal, it apparently isn't true. "We have no plans to build a native ad blocker into Microsoft Edge," a Microsoft spokesperson told VentureBeat. Microsoft was originally referencing the extension support it is building into Edge, which would allow ad blocking to work exactly like any other desktop browser. For those hoping for an Edge browser with built-in ad blocking, well, you're stuck with 'niche browsers' like Brave from Mozilla cofounder Brendan Eich and Adblock Browser.
Security

USB Trojan Hides In Portable Applications, Targets Air-Gapped Systems 83

Reader itwbennett writes: A Trojan program, dubbed USB Thief by researchers at security firm ESET, infects USB drives that contain portable installations of popular applications such as Firefox, NotePad++, or TrueCrypt, and it also seems to be designed to steal information from so-called air-gapped computers. "In the case we analyzed, it was configured to steal all data files such as images or documents, the whole windows registry tree (HKCU), file lists from all of the drives, and information gathered using an imported open-source application called 'WinAudit'," the ESET researchers said. The stolen data was saved back to the USB drive and was encrypted using elliptic curve cryptography. Once the USB drive was removed, there was no evidence left on the computer, the ESET researchers added.
Communications

Tor Project Says It Can Quickly Catch Spying Code 34

itwbennett writes: The Tor Project, which provides more anonymous browsing across the Internet using a customized Firefox Web browser, is fortifying its software so that it can quickly detect if its network is tampered with. To address worries that Tor could either be technically subverted or subject to court orders, Tor developers are now designing the system in such a way that many people can verify if code has been changed and 'eliminate single points of failure,' wrote Mike Perry, lead developer of the Tor Browser, on Monday. 'Even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue,' said Perry.
Ubuntu

Meet UbuntuBSD, UNIX For Human Beings 219

prisoninmate writes: What's ubuntuBSD? Well, it's not that hard to figure out yourself, but just in case you're not sure, we can tell you that ubuntuBSD promises to bring the power of the FreeBSD kernel to Ubuntu Linux. The best part of using the FreeBSD kernel is that you'll end up using the famous Z File System, or ZFS. Xfce is also included along with the popular Firefox, LibreOffice, and Ubuntu Software Center apps. ubuntuBSD is inspired by the Debian GNU/kFreeBSD project, it is hosted on SourceForge, and has been created by Jon Boden.
Firefox

Pale Moon Devs Ponder Dropping Current Codebase And Starting From Scratch (softpedia.com) 167

An anonymous reader writes: The developers of the Pale Moon browser are thinking of scratching their current codebase due to the fact that it doesn't support many of today's current Web standards, and because future Firefox plans will introduce incompatibilities within its codebase. The team plans to build a new browser from scratch, which they'll use to replace Pale Moon when it reaches a stable version. As with the old Pale Moon, the browser will keep Firefox's pre-Australis interface and still support many features removed in Firefox, like Tab Groups and full themes.
Facebook

Facebook's 'Closed Silos' Pose Challenges To Open Web 77

An anonymous reader writes: The growing trend of closed content silos -- publishing platforms that require a login in order to view the content -- is a step away from a more open web. Back in December of last year, Facebook launched its own in-app browser, which is basically a web-view that loads links you tap on using the Facebook app. Although in-app browsers may be convenient for some, such features are primarily designed to keep users inside of the application for a longer duration, which translates to more advertising exposure (and, thus, more money). This kind of feature can be challenging to the goal of keeping the web open, not only because the feature overrides the end user's default mobile browser, but also because it keeps users in a closed ecosystem (versus exploring the web). Additionally, the Instant Articles feature doubles down on siloed content by working with publishers to make articles available nearly instantly within the app, loading much faster than they would through a mobile browser. This sounds good, and it is convenient. But it also sets up a path for monetizing content that would otherwise be viewable outside of the closed silo, and, because you're using the app to browse the web inside this silo, there are privacy concerns. Unlike using a browser such as Firefox or Chrome, which has a private browsing option, a user of Facebook's in-app browser does not have the same privacy control. It's no secret that Facebook has been trying to create what appears to be a closed version of the internet. The social juggernaut's Free Basics initiative, for instance, offers users free access to select websites. Facebook gets to be the gatekeeper of the platform. This is something that didn't sit well with some privacy advocates in India, who played an instrumental role in banning Facebook's initiative in the country.
Facebook is not just a social networking website where people go to talk with their friends and family; Facebook has become a mammoth platform that offers the ability to upload videos (mimic YouTube), and send money to your friends (mimic PayPal) among other things. It is almost scary to see the rate at which Facebook is expanding and trying to absorb everything that comes in its way.
Software

Major Browsers Add Experimental Support For WebAssembly (thestack.com) 118

An anonymous reader writes: Four major web browsers have announced support for the near-native compiling technology WebAssembly, and collaborated to bring an initial common game demo of Angry Bots, running via Unity and WebAssembly, to experimental builds of Chrome, Firefox, Microsoft Edge and, shortly, Safari. WebAssembly was launched last year in a joint project between Microsoft, Mozilla, Apple and Google as a potentially more efficient route to assembly-level performance than asm.js, which is in itself a low-level subset of JavaScript.
Mozilla

Mozilla's New Servo Browser Will Hit Alpha In June 2016 (softpedia.com) 95

An anonymous reader writes: Mozilla has announced it is releasing the first alpha versions of its Servo browser this upcoming June. The project uses browser.html for the browser's UI and Rust for the browser's core. There's a similarity between how Microsoft launched Spartan (Edge) and how Mozilla is launching Servo now. While many might think Mozilla is sneakily working on a Firefox replacement, Mozilla has also invested quite a lot in Firefox these days, like WebExtensions and e10s, and it may be more plausible that Servo might slowly be integrated in Firefox to replace Gecko, rather than replace Firefox altogether, like Microsoft did with Edge to IE.
Firefox

Firefox 45 Will Remove Tab Groups Today, Get This Add-on To Replace It (softpedia.com) 267

An anonymous reader writes: Firefox 45, set to be released today, will remove the Tab Groups feature, a feature that many people used, but Mozilla decided to axe due to buggy code. The good news is that a developer created a perfect replacement for this feature as an add-on. Users that use Tab Groups on a daily basis are urged to install the add-on before upgrading to Firefox 45. The add-on will take over from the browser's Tab Groups feature without any complex configuration. Users that update to Firefox 45 will have their tab groups moved to their Bookmarks as folders, which may be difficult to move back into the Tab Groups add-on later on, especially if some people have hundreds of URLs.
Mozilla

Mozilla Jumps On IoT Bandwagon (thestack.com) 191

mikejuk writes: Mozilla has been clarifying some of its plans to convert the Firefox OS project into four IoT-based projects. At a casual glance, this seems like a naive move that is doomed to failure. Project Link is a 'user agent' for the smart home, that helps the end user set preferences for device interaction, and automates those connections for the user in a secure environment. Next, Project Sensor Web will be a pilot project for crowdsourcing a pm2.5 sensor network. Project Smart Home is focused on bridging the gap in IoT smart home providers between completely boxed solutions like Apple HomeKit, and completely DIY solutions like Raspberry Pi. Finally, Project Vaani is a voice interface for IoT access, which Mozilla credits as the 'most natural way to interact with connected devices.' With Firefox losing market share and projects like Firefox OS, Thunderbird, Shumway, and Persona closing down, perhaps Mozilla should try and find its way back to core concerns. All four of the projects need significant AI expertise and a powerful cloud computing resource, neither of which Mozilla is likely to be able to afford.
