Posts in “Announcements”

We recently announced a reboot of our efforts to engage with security contributors at Mozilla. Today our strongest and most lasting contributor relationships are with individuals searching for bug bounties. While this program has been very successful, this model sets … Continue reading

DigiNotar Removal Follow Up

Sep 2 2011

Johnathan Nightingale

Earlier this week we revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we … Continue reading

Plugin Check for Everyone

May 11 2010

Johnathan Nightingale

It’s been a few months since I wrote about the work our plugin check team has been doing, but there are a couple of pretty excellent pieces of news I’d like to share, most notably: the Mozilla plugin check now … Continue reading

Plugging the CSS History Leak

Mar 31 2010

Sid Stamm

Privacy isn’t always easy. We’re close to landing some changes in the Firefox development tree that will fix a privacy leak that browsers have been struggling with for some time. We’re really excited about this fix, we hope other browsers … Continue reading

Firefox 3.6.2 Released

Mar 22 2010

Lucas Adamski

Mozilla has accelerated its timetable and released Firefox 3.6.2 ahead of schedule. This release contains a number of security fixes, including a fix to Secunia Advisory SA38608 which was previously discussed on this blog when we were first made aware … Continue reading

Component Directory Lockdown – New in Firefox 3.6

Nov 16 2009

Johnathan Nightingale

[This post originally appeared on Mozilla Developer News] We hate crashes. When Firefox crashes, we try to get you back on your feet as quickly as possible, but we’d much rather you not crash in the first place. In Firefox … Continue reading

.NET Framework Assistant & Windows Presentation Foundation Plugin Blocking Update

Oct 19 2009

Johnathan Nightingale

Mike Shaver has posted an update on the situation surrounding our blocking of the .Net Framework Assistant and WPF plugin. In it, he discusses the current state of affairs, the series of events that got us to this point, as … Continue reading

Mozilla Plugin Check Now Live

Oct 13 2009

Johnathan Nightingale

A little over a month ago, I talked about a project we had started to inform users when their plugins were out of date. This is a really important project for us, because old versions of plugins can cause crashes … Continue reading

Leaving Mozilla

Dec 10 2008

Window Snyder

I will be leaving Mozilla at the end of the year. I am sad to be leaving, but I am excited to go work on something I have always been passionate about. I wish I could tell you about it … Continue reading

Mozilla Security Metrics Project

Jul 2 2008

Window Snyder

Mozilla has been working with security researcher and analyst Rich Mogull for a few months now on a project to develop a metrics model to measure the relative security of Firefox over time. We are trying to develop a model … Continue reading

Mozilla Security Blog

Posts in “Announcements”

Rebooting Security Engagement at Mozilla

DigiNotar Removal Follow Up

Plugin Check for Everyone

Plugging the CSS History Leak

Firefox 3.6.2 Released

Component Directory Lockdown – New in Firefox 3.6

.NET Framework Assistant & Windows Presentation Foundation Plugin Blocking Update

Mozilla Plugin Check Now Live

Leaving Mozilla

Mozilla Security Metrics Project