Mozilla recently implemented a block for older versions of Java (Version 6 Update 30 and below as well as Version 7 Update 2 and below) which are vulnerable to a critical security issue. For additional details, please see https://blog.mozilla.org/addons/2012/04/02/blocking-java/
Posts by Lucas Adamski
Issue: There is a specific security issue with the WebGL implementation in Firefox 4. Impact to users: This issue allows attackers to capture screen shots of private or confidential information. Status: Mozilla is aware of this bug and has issued …
Mozilla recently had the opportunity to participate in a panel discussion regarding the economics of vulnerabilities and bug bounties at the Hack in the Box conference in Amsterdam. Out of that came some interesting insights about how various markets are …
Zack Weinberg did a great blog post explaining the recent changes in Firefox 3.5.11 and 3.6.7 to mitigate cross-site data theft using CSS. This is a mitigation for an issue originally “rediscovered” by Chris Evans.
I’ve posted some of my recent thinking on privacy and identity. For some time we’ve generally seen privacy treated as its own problem domain, oddly divorced from the realms of security and identity. Perhaps it’s time for a different approach?
Mozilla launched its security bounty program in 2004 and while the original mission of protecting users by supporting security research has not changed, the security environment has changed tremendously. In recognition of these changes we are updating our security bounty …
Mozilla has accelerated its timetable and released Firefox 3.6.2 ahead of schedule. This release contains a number of security fixes, including a fix to Secunia Advisory SA38608 which was previously discussed on this blog when we were first made aware …
Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code …
Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/. We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted …
Important Note: One of the malware results has been verified to be a false positive. Further details are available here: http://blog.mozilla.org/addons/2010/02/09/update-on-the-amo-security-issue/ Original blog entry follows below. Two add-ons in the experimental section of addons.mozilla.org were found to contain malware. …