Tanvi
Firefox 23 moved from Nightly to Aurora this week, bundled with a new browser security feature. The Mixed Content Blocker is enabled by default in Firefox 23 and protects our users from man-in-the-middle attacks and eavesdroppers on HTTPS pages. When … Continue reading
Gary
One of the goals of the fuzzing team is to identify security vulnerabilities within our products using various techniques. As we continue working with Firefox OS, we need to build and adapt the proper tools to enable fuzz testing on … Continue reading
Curtisk
Members of the Mozilla Security community will be participating in an “Ask Me Anything (AMA)” even on Reddit tomorrow, 27-March-2013. We anticipate to run this for 24 hours from March 27th at 6:00 am PDT through March 28th at 6:00 … Continue reading
mcoates
This week the Pwn2Own competition took place as part of the CanSecWest security conference. The Pwn2Own competition provides cash rewards for individuals that are able to demonstrate a security vulnerability in browsers or the browser plugins Flash and Java. Researchers … Continue reading
mcoates
Mozilla released version 2.1 of the Mozilla CA Certificate Policy. This version adds a requirement for either the technical constraint or the audit of subordinate CA certificates, and requires CAs who issue SSL certificates to comply with the CA/Browser Forum … Continue reading
gdestuynder
Mozilla maintains a wide range of services which are secured using different solutions. For internal repositories, our Operations Security team has chosen to use the low-cost, open source and open hardware CryptoStick from the German Privacy Foundation. Advantages of using … Continue reading
mcoates
Mozilla is changing the way Firefox loads third party plugins such as Flash, Java and Silverlight. This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plugins … Continue reading
decoder
We recently started measuring C/C++ code coverage on mozilla-central again and documented the various efforts around it in a new MDN article.
mcoates
Update – January 18, 2013 Mozilla is extending Click to Play for Java 7u11 due to reports of exploit code available for 7u11 and information that all elements of the original Java bug have not been fully addressed by Oracle … Continue reading
mcoates
Update: For clarification, the last sentence of this post references our actions to suspend inclusion of a TURKTRUST root certificate. There are currently two TURKTRUST root certificates included in Mozilla’s CA Certificate program. TURKTRUST had requested that a newer root … Continue reading