Fetch streams are great, but not for measuring upload/download progress

Part of my role at Mozilla is making sure we're focusing on the right features, and we got onto the topic of fetch upload streams. It's something Chrome has supported for a while, but it isn't yet supported in either Firefox or Safari. I asked folks on various social platforms what they thought o...

An Untrustworthy TLS Certificate in Browsers

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Googles Chrome, Apples Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as whats known as a root certificate authority, a powerful spot in the internets...

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack...

CVE-2022-28795

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...

Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts

Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as the Chrome, Firefox and Edge browsers and constitutes an attack surface for memory...

New vulnerability: the use of a browser Cookie to bypass HTTPS and steal private information-bug warning-the black bar safety net

! Recently, a presence in the major browsers Web cookies in a serious vulnerability is found, it enables secure browsing mode HTTPS is vulnerable to MiTM attacks. In addition, most of the Web sites and popular open source applications may contain Cookie injection vulnerabilities, including: Googl...

Chrome, Firefox, Safari and IE – All Browsers Hacked at Pwn2Own Competition

The Annual Pwn2Own Hacking Competition 2015 held in Vancouver is over and participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash. During the second and final day of this year’s hacking...

HTML5 Canvas Fingerprint — Widely Used Unstoppable Web Tracking Technology

Till Now we have seen many traditional way of tracking web users, such as using cookies that get saved on user’s system may not be available forever to many companies, but a new method of tracking users has emerged that worked without the use of cookies. From last two years, many websites and...

[ExploitShield Browser Edition] Forget about browser vulnerabilities

ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicio...

Private Web Browsing Is Mostly A Failure

Features in the four major browsers designed to cloak users’ browser history often don’t work as billed, according to a research paper that warns that users may get a false sense of security when using the built-in privacy settings. Read the full article. The Register...

hack-hm-1.0.txt

Sure: Title Hotmail Security Alert Hack HM1.0! 5/10/2000 By: Da Hawaiian HaXorS "Give back da aina!" Disclaimer In no event shall Da Hawaiian HaXorS be held liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in ...