Using Coverage Data for Security
decoder
We recently started measuring C/C++ code coverage on mozilla-central again and documented the various efforts around it in a new MDN article.
mcoates
Update – January 18, 2013 Mozilla is extending Click to Play for Java 7u11 due to reports of exploit code available for 7u11 and information that all elements of the original Java bug have not been fully addressed by Oracle … Continue reading
mcoates
Update: For clarification, the last sentence of this post references our actions to suspend inclusion of a TURKTRUST root certificate. There are currently two TURKTRUST root certificates included in Mozilla’s CA Certificate program. TURKTRUST had requested that a newer root … Continue reading
mgoodwin
The lack of (or inconsistent use of) SSL puts users’ security and privacy at risk. Increasingly, popular sites require SSL not only for operations which are known to directly involve private data (login, etc) but for entire sessions. This is … Continue reading
dkeeler
HSTS (HTTP Strict Transport Security [1][2]) is a mechanism by which a server can indicate that the browser must use a secure connection when communicating with it. It can be an effective tool for protecting the privacy and security of … Continue reading
mcoates
October is National Cyber Security Awareness month and we want to take the opportunity to reiterate Mozilla’s security commitment to the Web. From Firefox for Windows, Mac, Linux and Android to Firefox OS to the Firefox Marketplace, Persona and more – … Continue reading
dkeeler
You may have heard of click-to-play plugins (in short: don’t load plugins until they’re clicked). You may have also heard of the blocklist (essentially a list of addons and plugins that are disabled to prevent users coming to harm; this … Continue reading
Simon Bennetts
The OWASP Zed Attack Proxy (otherwise known as ZAP) is a free security tool which you can use to find security vulnerabilities in web applications. My name is Simon Bennetts, and I am the ZAP Project Leader; there is … Continue reading
mcoates
Update – Aug 31, 2012 Yesterday Oracle released a patch for the critical vulnerabilities identified within Java. Visit the Mozilla Plugin Check webpage to find out if your Java plugin needs to be updated: https://www.mozilla.org/plugincheck/ Additional information from Oracle can … Continue reading
jstevensen
On Monday, July 9, 2012, approximately 250,000 internet users may lose access to the internet because of changes made to their computers by a malicious virus. The virus that caused this problem is commonly referred to as “DNSChanger”. If your … Continue reading