abillings
On Monday, February 27, security researcher Brenda Larcom came to Mozilla to present on security threat modeling. This was a discussion on the Trike methodology for threat modeling that she and others have been developing over the last nine years. … Continue reading
mgoodwin
On Tuesday 28th February, Mark Goodwin from Mozilla’s Application Security team will be presenting a guest lecture at the University of Warwick. This session will introduce students to web security and equip them with the skills to identify, resolve and … Continue reading
Curtisk
We’ve decided to reorganize our security teams and as part of the change we are going to be using this blog in some new ways. The most notable change is this blog will now host posts on a variety of … Continue reading
Johnathan Nightingale
Earlier today we sent an email to all certificate authorities in the Mozilla root program to clarify our expectations around certificate issuance. In particular, we made it clear that the issuance of subordinate CA certificates for the purposes of SSL … Continue reading
Daniel Veditz
Issue The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites … Continue reading