Guest Blog Post: Good First Steps to Find Security Bugs in Fenix (Part 1)
This blog post is one of several guest blog posts, where we invite participants of our bug bounty program to write about bugs they’ve reported to us. Fenix is a … Read more
This blog post is one of several guest blog posts, where we invite participants of our bug bounty program to write about bugs they’ve reported to us. Background In … Read more
This blog post is the first of several guest blog posts we’ll be publishing, where we invite participants of our bug bounty program to write about bugs they’ve reported … Read more
The security implications of Just-in-Time (JIT) compilers in browsers have been getting attention for the past decade, and the body of more recent resources is too large to enumerate. While … Read more
Recently we increased bounty payouts and added a Static Analysis component to our bounty program, and we are expanding our bug bounty program even further with a new Exploit … Read more
This is the second and final part of a blog post series that explains how Firefox implements Web Security fundamentals, like the Same-Origin Policy and Content-Security-Policy. While the first … Read more
In a recent academic publication titled Hardening Firefox against Injection Attacks (to appear at SecWeb – Designing Security for the Web) we describe techniques which we have incorporated into … Read more
The Secure Open Source track of the Mozilla Open Source Support (MOSS) Program primarily funds audits of open source projects. For example, we funded the iTerm2 Audit which turned out … Read more
This is the first part of a blog post series that will allow you to understand how Firefox implements Web Security fundamentals, like the Same-Origin Policy. This first post of … Read more
In November of 2019 we added static analysis bounties for CodeQL queries and Clang plugins. GitHub has a great CodeQL portal with detailed instructions for creating a database that will … Read more
TL;DR, An Introduction. This post originally appeared on Mozilla Hacks. Fuzzing, or fuzz testing, is an automated approach for testing the safety and stability of software. It’s typically performed by … Read more
Welcome to Mozilla’s new Attack & Defense blog. We’re going to use this blog as a vehicle for tailored content specifically for engineers, security researchers, and Firefox bug bounty participants. … Read more