Tag Archives: Mozilla

Consumer Privacy Bill with Do Not Track

February 23rd, 2012
We Can’t Wait: Obama Administration Unveils Blueprint for a “Privacy Bill of Rights” to Protect Consumers Online

Internet Advertising Networks Announces Commitment to “Do-Not-Track” Technology to Allow Consumers to Control Online Tracking

WASHINGTON, DC – The Obama Administration today unveiled a “Consumer Privacy Bill of Rights” as part of a comprehensive blueprint to improve consumers’ privacy protections and ensure that the Internet remains an engine for innovation and economic growth. The blueprint will guide efforts to give users more control over how their personal information is used on the Internet and to help businesses maintain consumer trust and grow in the rapidly changing digital environment. At the request of the White House, the Commerce Department will begin convening companies, privacy advocates and other stakeholders to develop and implement enforceable privacy policies based on the Consumer Privacy Bill of Rights.

http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rights

Alex Fowler, Technology and Privacy Officer for the Mozilla Foundation.
http://firstpersoncookie.wordpress.com/2011/01/23/more-choice-and-control-over-online-tracking/

Mozilla Firefox 9 staggered rollout

Mozilla Wiki

We’re still tracking issues for a possible 9.0.2
You can see them @ https://wiki.mozilla.org/Releases/Firefox_9/RRRT
Note we are doing a staggered / slow rollout
We were manual-update only initially. This is why < 3 million people got 9.0 instead of 9.0.1
We unthrottled automatic updates for the past week (only offering to 10% of Fx checking for updates)
Now that we are at ~15 million 9.0.1 users we have turned off automatic updates again for a bit to look at data
If you see any news articles about slow Firefox 9 uptake, please email press or release-drivers so we can let the author know what is really going on
Probably going to do something similar for releases in the future as well, more details will be sent to release-drivers
We aren't in the Amazon Appstore anymore, and we missed the holiday season for the Kindle Fire (boo). Details are in bug 713777

Next source migration is 2012-01-31

https://wiki.mozilla.org/Platform/2012-01-03
http://www.computerworld.com/s/article/9223483/Mozilla_slows_pace_of_Firefox_9_upgrades

Mozilla blocks ScriptScan Add On

McAfee ScriptScan has been blocked for your protection.

Why was it blocked?
This add-on causes a high volume of crashes.
Who is affected?
Users of McAfee ScriptScan versions 14.4.0 and below for all versions of Firefox and SeaMonkey.
What does this mean?

Users are strongly encouraged to disable the problematic add-on or plugin, but may choose to continue using it if they accept the risks described.

https://addons.mozilla.org/en-US/firefox/blocked/i42

Surfing to the “Add-ons Blocklist” page one is greeted with,

This article is no longer maintained, so its content might be out of date.

Just saying… ;-)

DigiNotar SSL Certificate Hack

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
Published: August 29, 2011 | Updated: August 29, 2011

Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a vulnerability in a Microsoft product, Microsoft is taking action to protect customers.

Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Microsoft is continuing to investigate how many more certificates have been fraudulently issued. As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.

All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Users of these operating systems will be presented with an invalid certificate error when they browse to a Web site or try to install programs signed by the DigiNotar root certificate. In those cases users should follow the instructions in the message. Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003.

Microsoft is continuing to investigate this issue and may release future updates to help protect customers.

http://www.microsoft.com/technet/security/advisory/2607712.mspx

Edit
V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue.

Computerworld

Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project, a security researcher reported today.

The count is considerably higher than DigiNotar has acknowledged. Earlier this week, a company spokesman said that “several dozen” certificates had been acquired by the attackers.

http://www.computerworld.com/s/article/9219663/Hackers_may_have_stolen_over_200_SSL_certificates

Mac OS X can’t properly revoke dodgy digital certificates
http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates

Firefox and Thunderbird 6.0.1 released after the Mozilla team removed DigiNotar from their root program to protect users.