Blocklisting Older Versions of Java
The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary … Read more
The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary … Read more
One malicious add-on and another add-on with a serious security vulnerability were discovered recently on the Mozilla Add-ons site. Both issues have been dealt with, and the details are described … Read more
Reviewing add-ons is a complicated task, and we haven’t been very good at documenting the whole process. New editors were trained live through IRC, and the training session usually took … Read more
There have been a number of situations in the past few weeks that have prompted modifications to our established Review Policies. Most of them have already been announced in a … Read more
The add-on review process remains a mystery for many add-on developers. As a developer myself, I admit it feels like dropping your add-on into a bottom-less pit and just waiting … Read more
Last week, we disclosed two instances of suspected malware in experimental add-ons on AMO. Since that disclosure, we’ve worked with security experts and add-on developers to determine that the suspected … Read more
NOTE: Further investigation has revealed that all versions of Sothink Web Video Downloader are malware free. For more, read our update. Issue Two experimental add-ons, Version 4.0 of Sothink Web … Read more
Surprises can be appropriate in many situations, but they are not welcome when user security, privacy, and control are at stake. Mozilla is committed to guarding these principles, and we … Read more
Over on the Adblock Plus blog, Wladimir Palant has posted two great articles on how to avoid making some common mistakes in extension development that lead to security vulnerabilities. I … Read more