All news with #mozilla tag

Mozilla Ends Partnership with Onerep After Investigation

🛡️ Mozilla announced it will end its partnership with Onerep and discontinue Monitor Plus on Dec. 17, 2025. Current subscribers will retain access through the wind-down period and receive prorated refunds for any unused portion of their subscriptions. Mozilla said it will continue to offer its free Monitor breach service integrated with Firefox’s credential manager and is focusing on integrating more privacy and security features, including its VPN. The company cited high vendor standards and the realities of the data broker ecosystem as reasons for ending the collaboration after reporting revealed Onerep’s founder maintained ties to other people-search services.

Firefox 145 Adds Stronger Anti-Fingerprinting Defenses

🔒 Mozilla has rolled out enhanced anti-fingerprinting protections in Firefox 145, initially active in Private Browsing and Enhanced Tracking Protection (ETP) Strict mode. Phase 2 measures add targeted noise to background image reads, restrict reported fonts to standard OS sets with select language exceptions, coarsen touch reporting, report screen height minus 48 pixels, and always report two processor cores. After testing these changes will be enabled by default; users can disable them per-site for compatibility. The release also removes the 32-bit Linux build.

Mozilla: New Firefox extensions must disclose data

🔒 Starting 3 November 2025, Mozilla will require new Firefox extension developers to declare data collection practices in manifest.json via a browser_specific_settings.gecko.data_collection_permissions key. Developers must adopt the framework across all extensions in the first half of 2026, and extensions that collect no personal data must state that explicitly. The declared practices will appear during installation, on the add-on listing, and in about:addons; submissions that omit the declaration will be blocked.

CISA Adds Seven CVEs to Known Exploited Vulnerabilities

🔒 CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The newly listed entries include CVE-2010-3765, CVE-2010-3962, CVE-2011-3402, CVE-2013-3918, CVE-2021-22555, CVE-2021-43226, and CVE-2025-61882, impacting Mozilla, Microsoft, the Linux Kernel, and Oracle E-Business Suite. Federal Civilian Executive Branch agencies must remediate these vulnerabilities under BOD 22-01, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

Mozilla lets Firefox add-on developers roll back updates

🔁 Mozilla now allows Firefox extension developers to roll back recently approved versions to a previously approved release, enabling fast mitigation of critical bugs and regressions. When reverted, users cannot install the problematic version, and browsers with automatic updates will revert affected installations within 24 hours. Developers can republish a prior build via the Developer Hub or the Add-on Submission API. Rollbacks require at least two approved versions on addons.mozilla.org, while self-distributed extensions may revert to any approved version.