Major Security Leak At Mozilla Developer Network (MDN)

On the official Mozilla Blog, Stormy Peters (Director of Developer Relations) and Joe Stevensen (Operations Security Manager) posted details of the disclosure of Mozilla Developer Network database contents on a publicly accessible server. This is a serious security fault on Mozilla's part, because some MDN email addresses and hashed passwords were temporarily posted to a public server.

Post Content:

“We have just concluded an investigation into a disclosure affecting members of Mozilla Developer Network. We began investigating the incident as soon as we learned of the disclosure. The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server. As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure. While we have not been able to detect malicious activity on that server, we cannot be sure there wasn’t any such access.

We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you.

The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems. We’ve sent notices to the users who were affected. For those that had both email and encrypted passwords disclosed, we recommended that they change any similar passwords they may be using.

In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again. If you have questions, please reach out to security@mozilla.org.

Thanks,

Stormy Peters
Director of Developer Relations

Joe Stevensen
Operations Security Manager”

This is a major concern, since a leak of this kind happened at a top firm like Mozilla, which itself focuses on security.

Disable/Enable JavaScript Options in Firefox From Version 23

Folks,

You might have noticed that in Firefox version 23 and later there is no way to disable JavaScript from Tools -> Options -> Content (tab). They say: “In Firefox 23, as part of an effort to simplify the Firefox options set and protect users from unintentionally damaging their Firefox, the option to disable JavaScript was removed from the Firefox Options window.”

The option to disable JavaScript was not removed from Firefox entirely. You can still access it from about:config or by installing an add-on.

How to disable (and re-enable) JavaScript in Firefox version 23

about:config

  1. In the address bar, type “about:config” (with no quotes), and press Enter.
  2. Click “I’ll be careful, I promise”
  3. In the search bar, search for “javascript.enabled” (with no quotes).
  4. Right click the result named “javascript.enabled” and click “Toggle”. JavaScript is now disabled.


To enable JavaScript again, repeat these steps.
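The pref toggled in the steps above is stored in the profile's `prefs.js`, and a `user.js` file in the same profile is re-applied over it at every startup, so a toggle made in about:config can be silently reverted. The following is an added example, not part of the original post: it parses the text of both files and reports the effective `javascript.enabled` value; the function names and the sample file contents are constructed for illustration.

```python
import json
import re

# One line of a Firefox prefs file: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line; later lines win.
    Limitation: /* block comments */ are not recognised."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment lines, blank lines, anything unparsable
        try:
            # Pref values are true/false, integers or quoted strings,
            # which all parse as JSON scalars.
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            continue
    return prefs

def javascript_enabled(prefs_js, user_js=""):
    """Effective javascript.enabled after startup.
    user.js overrides prefs.js; with no entry at all the default is True."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged.get("javascript.enabled", True)

# Constructed sample files (not taken from a real profile).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.enabled", false);
'''
SAMPLE_USER_JS = '''// re-applied at every startup
user_pref("javascript.enabled", true);
'''

if __name__ == "__main__":
    print("prefs.js only:     ", javascript_enabled(SAMPLE_PREFS_JS))
    print("prefs.js + user.js:", javascript_enabled(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

With the sample data, JavaScript is off when only `prefs.js` is considered and back on once the `user.js` override is taken into account.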

Add-ons

Alternatively, you can install an add-on that lets you disable JavaScript, such as:

  • NoScript (to disable JavaScript on a per-page basis, as required)
  • QuickJava (to easily disable and enable JavaScript, automatic loading of images, and other content)

Hope this helps. Thank you.

Cheers,

JENSon.