mgoodwin
The lack of (or inconsistent use of) SSL puts users’ security and privacy at risk. Increasingly, popular sites require SSL not only for operations which are known to directly involve private data (login, etc) but for entire sessions. This is … Continue reading
Curtisk
We recently announced a reboot of our efforts to engage with security contributors at Mozilla. Today our strongest and most lasting contributor relationships are with individuals searching for bug bounties. While this program has been very successful, this model sets … Continue reading
dkeeler
HSTS (HTTP Strict Transport Security [1][2]) is a mechanism by which a server can indicate that the browser must use a secure connection when communicating with it. It can be an effective tool for protecting the privacy and security of … Continue reading
mcoates
October is National Cyber Security Awareness month and we want to take the opportunity to reiterate Mozilla’s security commitment to the Web. From Firefox for Windows, Mac, Linux and Android to Firefox OS to the Firefox Marketplace, Persona and more – … Continue reading
dkeeler
You may have heard of click-to-play plugins (in short: don’t load plugins until they’re clicked). You may have also heard of the blocklist (essentially a list of addons and plugins that are disabled to prevent users coming to harm; this … Continue reading
mcoates
Update (Oct 11, 2012) An update to Firefox for Windows, Mac and Linux was released at 12pm PT on Oct 11. Users will be automatically updated and new downloads via http://www.mozilla.org/firefox/new/ will receive the updated version (16.0.1). A fix for … Continue reading
Simon Bennetts
The OWASP Zed Attack Proxy (otherwise known as ZAP) is a free security tool which you can use to find security vulnerabilities in web applications. My name is Simon Bennetts, and I am the ZAP Project Leader; there is … Continue reading
mcoates
Update – Aug 31, 2012 Yesterday Oracle released a patch for the critical vulnerabilities identified within Java. Visit the Mozilla Plugin Check webpage to find out if your Java plugin needs to be updated: https://www.mozilla.org/plugincheck/ Additional information from Oracle can … Continue reading
jstevensen
On Monday July, 9, 2012, approximately 250,000 internet users may lose access to the internet because of changes made to their computers by a malicious virus. The virus that caused this problem is commonly referred to as “DNSChanger”. If your … Continue reading
mcoates
“Subscription trap” websites prey on users who are trying to download legitimate free software. These sites trick users into paying for expensive subscriptions for otherwise free software. Some even go as far as threatening users with collection efforts to compel … Continue reading