This is a short announcement for all security researchers working on Firefox that use our pre-built AddressSanitzer (ASan) builds. Until recently, you could download these ASan builds from our FTP servers. Due to changes to our internal build infrastructure, these … Continue reading
Posts by decoder
We recently started measuring C/C++ code coverage on mozilla-central again and documented the various efforts around it in a new MDN article.
In the past half year I learned quite a lot about the different fuzzing approaches that security researchers and contributors use on Firefox. Although information on the subject should be public, a lot of it seems hard to find for … Continue reading
Recently, Mozilla responded to an imminent threat to Firefox users who have an outdated Java plugin installed: Vulnerable versions of the plugin were blocked automatically (see blog post). Since then, I’ve been asked a few times why this is important; … Continue reading
Fuzz testing (automated, random testing) is an important part of nearly every application security life cycle. While there are a lot of tools, frameworks and harnesses available for regular desktop platforms/operating systems, there’s still a lot missing in the mobile … Continue reading
In a previous blog post, I outlined how the memory error detection tool Address Sanitizier (ASan) can be used with Firefox to find memory problems with a high degree of performance and how it can even detect certain errors that … Continue reading