Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Mozilla Warns Chrome, Firefox ‘100’ User Agents may Break Sites

Mozilla Warns Chrome, Firefox ‘100’ User Agents may Break Sites

Mozilla is warning website developers that the upcoming Firefox 100 and Chrome 100 versions may break websites when parsing user-agent strings containing three-digit version numbers.

A user-agent is a string used by a web browser that includes information about the software, such as the browser name, its version number, and the various technologies it uses.

When a person visits a website, the browser’s user-agent is sent along with the request for a web page. This allows the web page to check the visitor’s browser version and modify its response based on the features the browser supports.

Also Read: IT Governance Framework PDF Best Practices And Guidelines

For example, the current user-agent for Mozilla Firefox version 97 is:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0

Note, if you have the Firefox ‘privacy.resistFingerprinting’ setting set to ‘True,’ your user-agent will be locked to ‘Firefox/78.0.’

For the current version of Google Chrome 98, the user-agent is:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36

Mozilla warns of version 100 user-agent strings

In August 2021, Mozilla launched an experiment to see if the three-digit ‘Firefox/100’ user-agent string would cause problems with websites. Google soon followed with their own experiment for Chrome 100.

In both experiments, Mozilla and Google found a small number of websites that would not operate correctly when parsing a user-agent string that contained a three-digit version number.

Since then, Mozilla has been keeping track of web bugs caused by the version 100 change and has found problems on websites for HBO Go, BethesdaYahooSlack, and those created by the Duda website builder.

For the most part, these issues have ranged from the websites stating the browser is unsupported to user interface issues affecting portions of the site.

“Without a single specification to follow, different browsers have different formats for the User-Agent string, and site-specific User-Agent parsing. It’s possible that some parsing libraries may have hard-coded assumptions or bugs that don’t take into account three-digit major version numbers,” Mozilla explains in a new blog post about the upcoming user-agent changes.

Also Read: Steps On How To Create Complain About Telemarketing Calls

“Many libraries improved the parsing logic when browsers moved to two-digit version numbers, so hitting the three-digit milestone is expected to cause fewer problems.”

Mozilla and Google will continue running experiments for version 100 user-agents until the browsers are released on March 29 for Chrome and May 3 for Firefox.

If there are issues with sites that Mozilla or Google cannot fix before these versions are released, both Google and Mozilla have backup plans ready to ensure the sites are not affected.

For Firefox, Mozilla has a site interventions mechanism to freeze the user-agent at Firefox/99 or inject CSS or other overrides to fix the bugs.

Similarly, Chrome plans to freeze the version shown in the user-agent string to 99 for problematic sites and report the actual version in another part of the user-agent string.

As for website developers and admins, Mozilla asks them to test if changing to the Firefox 100 and Chrome 100 user-agents break their websites.

This can be done by performing the following steps:

Configure Firefox Nightly to report the major version as 100

  1. Open Firefox Nightly’s Settings menu.
  2. Search for “Firefox 100” and then check the “Firefox 100 User-Agent String” option.

When enabled, the Firefox user-agent string will change to:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0

Configure Chrome to report the major version as 100

  1. Go to chrome://flags/#force-major-version-to-100
  2. Set the option to `Enabled`.

When enabled, the Chrome user-agent string will change to:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4758.102 Safari/537.36

If a problem is found, Mozilla asks developers to file a report on webcompat.com so that there is ample time to address any issues.

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us