Security Leftovers: Updates, Deprecation of FTP in Firefox and CPU Security Defects Security updates for Monday Security updates have been issued by Fedora (haproxy), Gentoo (chromium and libssh), openSUSE (ansible, chromium, gmp, gnutls, libnettle, libssh, mgetty, nagios, permissions, and python-PyYAML), and Oracle (firefox, kernel, qemu-kvm, and telnet).

What to expect for the upcoming deprecation of FTP in Firefox The Firefox platform development team recently announced plans to first disable, and then remove the implementation for built-in FTP from the browser. FTP is a protocol to transfer files from one host to another, and it is being removed because it is an infrequently used and insecure protocol. After FTP is disabled in Firefox, people can still use it to download resources if they really want to, but the protocol will be handled by whatever external application is supported on their platform. FTP was disabled on the Firefox Nightly pre-release channel on April 9. To mitigate the risk of potentially causing breakages during the COVID-19 pandemic, FTP will not be removed from the Firefox release channel until at least July 2020. If the pandemic situation has not improved by July 28 (the expected release date for Firefox 79), there may be further delays. Add-ons that use FTP may experience breakage on Nightly but will continue to work as usual on the Beta and release channels. We want to help developers address these breakages as best as we can while this change is on Nightly. If you maintain an extension that uses FTP, please test it on Nightly (or on any current version of Firefox by flipping the preference network.ftp.enabled to false) and file a bug if you notice any issues. We will also evaluate whether new features should be added to help you maintain file transfer functionality.

The Desktop CPU Security Mitigation Impact On Ubuntu 20.04 With Ubuntu 20.04 LTS offering a newer kernel compared to Ubuntu 18.04 LTS and various other software updates, this article is intended to provide fresh reference figures on the cost of these CPU vulnerability mitigations using this up-to-date Long Term Support Linux distribution using tests carried out in recent days on the near-final Ubuntu 20.04 Focal Fossa builds. Besides testing both Intel and AMD systems, the spectrum of CPUs tested also included those completely exposed to the various vulnerabilities and more recent processors having some levels of hardware mitigation. On each of the desktops, Ubuntu 20.04 was booted in its out-of-the-box configuration and then repeating the tests after booting the default kernel with "mitigations=off" for avoiding the various mitigations that can be toggled at run-time.