Leaving Mozilla
Window Snyder
I will be leaving Mozilla at the end of the year. I am sad to be leaving, but I am excited to go work on something I have always been passionate about. I wish I could tell you about it … Continue reading
Posts by Window Snyder
Malicious Firefox Plugin
Window Snyder
Issue A malicious piece of software masquerading as a legitimate and popular Firefox plugin is spreading. Trojan.PWS.ChromeInject.A collects a user’s passwords from banking and other sites and forwards them to a remote server. Impact If a user has been tricked … Continue reading
Low Risk Denial of Service in Firefox
Window Snyder
Issue A null pointer dereference in the content layout component of Firefox allows an attacker to crash the browser when a user navigates to a malicious page. Impact If a user browses to a malicious page that takes advantage of … Continue reading
TippingPoint vulnerability patched in Firefox 3.0.1 and 2.0.0.16
Window Snyder
Issue A vulnerability in the way Firefox handles CSS allows an attacker to take advantage of an integer overflow and execute arbitrary code. In order for the attack to be successful a user must browse to a malicious site. The … Continue reading
Mozilla Security Metrics Project
Window Snyder
Mozilla has been working with security researcher and analyst Rich Mogull for a few months now on a project to develop a metrics model to measure the relative security of Firefox over time. We are trying to develop a model … Continue reading
Firefox users most likely to run latest version of the browser
Window Snyder
A recent report identified Firefox users as most likely to be running the latest version of the browser at any point in time. Brian Krebs at the Washington Post comments on it here: Forty Percent of Web Users Surf With … Continue reading
New Security Issue Under Investigation
Window Snyder
TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0. This issue is currently under investigation. To protect our users, the details of the issue will remain closed until a patch is made available. There … Continue reading
Clarification on Vietnamese Language Pack Compromise
Window Snyder
As today’s headlines confirm, there is still a lot of confusion about what happened to the Vietnamese language pack, who is impacted, and what that impact really is. First of all, there is no virus in the Vietnamese language pack. … Continue reading
Compromised file in Vietnamese Language Pack for Firefox 2
Window Snyder
The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but … Continue reading
Firefox 2.0.0.12 is now available
Window Snyder
Firefox 2.0.0.12 is now available. This security update addresses the directory traversal issue described here and here. Details for this release are available at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12