FOXTROT/ALFA: Critical Firefox Zero-Days, Zoom vs. Skype, New Red Hat CEO
Welcome to the 94th issue of FOXTROT/ALFA for Monday, 6 April 2020. Let’s dive right into today’s technology news.
Critical Firefox Updates
Mozilla has released security updates for Firefox in the wake of two zero-day vulnerabilities that are being actively exploited in the wild.
Mozilla has released security updates for its Firefox browser in conjunction with a US Cybersecurity and Infrastructure Security Agency (CISA) advisory warning that critical vulnerabilities in the browser are being actively exploited. “An attacker could exploit these vulnerabilities to take control of an affected system,” US CISA said, without providing any specific details about the two bugs. “These vulnerabilities have been detected in exploits in the wild.”
Mozilla’s Security Advisory identifies two CVEs: CVE-2020-6819: Use-after-free while running the nsDocShell destructor and CVE-2020-6820: Use-after-free when handling a ReadableStream. The bugs involve race conditions that can lead to use-after-free errors.
Local Code Execution Vulnerability in Systemd
Tavis Ormandy is at it again. Because of him, systemd has also received a pretty important fix:
A heap use-after-free vulnerability was found in systemd, when asynchronous Polkit queries are performed while handling Dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. CVE-2020-1712 has been assigned to this issue.
Zoom Security Issues, Skype Trying to Stay Relevant
There’s been much reporting of the security flaws and privacy issues inherent in Zoom’s teleconferencing software, which has become massively popular in the wake of the COVID-19 lockdown. I’ve summed it all up in a podcast episode I released today for my show The Private Citizen. Even if you don’t want to listen to a podcast right now, the show notes are very in-depth and link to all the relevant stories.
Meanwhile, Skype is trying to stay relevant in a world that has zoomed right by them by offering free one-click video conferences that you don’t need a Skype account or the desktop client for. Seeing how horrible Zoom’s track record is with security and privacy, it’s worth a look, I think.
New Red Hat CEO
Red Hat’s long-time CEO Jim Whitehurst is going to lead IBM, which took over Red Hat in 2019. The company has now named his replacement:
Long-serving Red Hatter Paul Cormier has been named president and chief exec as his predecessor, Jim Whitehurst, sets off for fields Big and Blue. Cormier is very much a Red Hat insider, having joined in 2001 and overseen the addition of Red Hat Enterprise Linux (RHEL) to the company’s line-up. He is also credited with pioneering the subscription model that shunted the firm and its wares into boardrooms.
Sounds like he’s responsible for pretty much everything that’s made Red Hat successful from a business point of view.
Cormier, who described RHEL as “by far the most successful thing I ever have or ever will work on”, has his work cut out as Red Hat’s business is integrated with IBM’s. Research, sponsored by Red Hat itself, showed the company enjoyed a substantial share of the worldwide server operating system market ahead of the IBM acquisition. Buddying up with Microsoft will have done no harm to those figures, despite IBM’s well-documented struggles to keep its own cloud relevant.
I’d never heard of the guy. I’m guessing he’s no relation to former two-time UFC world champion Daniel “DC” Cormier…
Burning 5G Masts Amid Coronavirus Panic
In the UK, they are setting 5G masts on fire because of coronavirus fear. You can’t make this shit up.
UK Cabinet Office minister Michael Gove has used a daily briefing to slam those advancing baseless theories that 5G radios are in some way responsible for the coronavirus. Gove was on Saturday asked what he thought of such theories, especially in light of reports that vandals have torched cellular towers in Blighty – presumably to stop them emitting corona-causing radiation. Which they are not.
“The reality is that the mobile phone networks are absolutely critical to all of us, particularly in a time when we are asking people to stay at home and to not see relatives and friends. In particular, those are also the phone networks that are used by our emergency services and our health workers and I’m absolutely outraged, absolutely disgusted that people would be taking action against the very infrastructure that we need to respond to this health emergency. It is absolute and utter rubbish, and I can’t condemn it in stronger terms than that.”
SpaceX Starship Goes Boom (Again)
SpaceX began testing its newest prototype of a massive Starship vehicle in Texas overnight, and video footage suggests that process did not go smoothly. Starship is the company’s massive spacecraft designed to colonize Mars and tackle other heavy-lift deep-space missions. The latest version, dubbed SN3 (short for Serial No. 3) was scheduled to undergo a series of tests culminating in short, “hopping” flights. But something went wrong in an early test conducted yesterday (April 2).
The test, a cryogenic pressure test, was intended to demonstrate that SN3 could withstand the high pressure of very cold fuel that such a vehicle will need to endure before flights. Instead, the video footage taken near SpaceX’s Starship hub in Boca Chica, Texas, appears to show SN3 collapse under pressure.
Microsoft Edge Eclipses Firefox
According to analysts, Microsoft’s Edge browser is now the second most used browser behind Google’s Chrome.
Edge had been making steady progress over the last few months, finally passing Internet Explorer in December 2019 to take third place with 6.07 per cent of desktop browser share compared to 5.84 per cent.
By March, Firefox’s share had dropped from 8.27 per cent in December to 7.19 per cent, allowing Edge to slip ahead with 7.59 per cent. Leader Chrome also saw a slight rise, from 68.06 per cent to 68.50 per cent.
Some other stuff I’ve been reading:
- Pan-European group plans cross-border contact-tracing app – and promises GDPR compliance
- Now in beta: Ubuntu 20.04: The most exciting new features
- COBOL-coding volunteers sought as slammed mainframes slow New Jersey’s coronavirus response
- Google rolling back Chrome’s cookie security measure in light of COVID-19
This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.