Tux Machines

Mozilla Leftovers (UPDATED)

Posted by Roy Schestowitz on Sep 06, 2023,

updated Sep 08, 2023

=> /n/2023/09/06/Databases_SQL_Injections_PostgreSQL_and_MySQL.gmi Databases: SQL Injections, PostgreSQL, and MySQL

=> /n/2023/09/06/Arti_1_1_8_is_released_Onion_service_infrastructure.gmi Arti 1.1.8 is released: Onion service infrastructure

Mozilla calls cars from 25 automakers 'data privacy nightmares on wheels'

=> https://www.theregister.com/2023/09/06/mozilla_vehicle_data_privacy/ ↺ Mozilla calls cars from 25 automakers 'data privacy nightmares on wheels'

The foundation, the Firefox browser maker’s netizen-rights org, assessed the privacy policies and practices of 25 automakers and found all failed its consumer privacy tests and thereby earned its Privacy Not Included (PNI) warning label.
In research published Tuesday, the org warned that car manufacturers may collect and commercially exploit much more than location history, driving habits, in-car browser histories, and music preferences. Instead, some makers may handle deeply personal data, such as – depending on the privacy policy – sexual activity, immigration status, race, facial expressions, weight, health, and even genetic information, the Mozilla team found.

The Mozilla Blog: A New York Times Magazine editor on her internet obsessions

=> https://blog.mozilla.org/en/internet-culture/iva-dixit-new-york-times-magazine/ ↺ The Mozilla Blog: A New York Times Magazine editor on her internet obsessions

Here at Mozilla, we are the first to admit the internet isn’t perfect, but we know the internet is pretty darn magical. The internet opens up doors and opportunities, allows for human connection, and lets everyone find where they belong — their corners of the internet. We all have an internet story worth sharing.

Hacks.Mozilla.Org: Faster Vue.js Execution in Firefox

Speedometer 3 is a cross-industry effort to build a modern browser benchmark rooted in real-world user experiences. Its goal is to focus browser engineering effort towards making the Web more smooth for actual users on actual pages. This is hard to do and most browser benchmarks don’t do it well, but we see it as a unique opportunity to improve responsiveness broadly across the Web.

=> https://twitter.com/mozhacks/status/1603435347190419456 ↺ Speedometer 3

This requires a deliberate analysis of the ecosystem — starting with real user experiences and identifying the essential technical elements underlying them. We built several new tests from scratch, and also updated some existing tests from Speedometer 2 to use more modern versions of widely-used JavaScript frameworks.

=> https://twitter.com/mozhacks/status/1603435347190419456 ↺ Speedometer 3

Critical Memory Safety Bug, Other Severe Vulns Fixed in Thunderbird

A critical memory safety bug has been discovered in Thunderbird 115.0 and Thunderbird 102.13 ( CVE-2023-4056 ). Due to the severity of this vulnerability's threat to the confidentiality, integrity, and availability of impacted systems, it has received a National Vulnerability Database base score of 9.8 out of 10. Other severe vulnerabilities have also been found in Thunderbird, including improper validation of the Text Direction Override Unicode Character in filenames ( CVE-2023-3417 ) and copying of an untrusted input stream to a stack buffer without checking its size ( CVE-2023-4050 ).

UPDATE

It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

=> https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ ↺ It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Ah, the wind in your hair, the open road ahead, and not a care in the world… except all the trackers, cameras, microphones, and sensors capturing your every move. Ugh. Modern cars are a privacy nightmare.
Car makers have been bragging about their cars being “computers on wheels" for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants' privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

=> https://lwn.net/Articles/943699/ ↺ Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Proof, once again, that running Linux does not automatically make a device privacy-friendly.

One late piece:

Mozilla: Modern Cars Are A Privacy Shitshow

=> https://www.techdirt.com/2023/09/07/mozilla-modern-cars-are-a-privacy-shitshow/ ↺ Mozilla: Modern Cars Are A Privacy Shitshow

Mozilla’s latest *Privacy Not Included report isn’t subtle when it comes to calling out the shortcomings of modern, internet-connected vehicles:

gemini.tuxmachines.org