Articles in “Security”

Revoking Trust in Two TurkTrust Certificates

Update: For clarification, the last sentence of this post references our actions to suspend inclusion of a TURKTRUST root certificate. There are currently two TURKTRUST root certificates included in Mozilla’s …

HTTP Strict Transport Security

The lack of (or inconsistent use of) SSL puts users’ security and privacy at risk. Increasingly, popular sites require SSL not only for operations which are known to directly involve …

Preloading HSTS

HSTS (HTTP Strict Transport Security [1][2]) is a mechanism by which a server can indicate that the browser must use a secure connection when communicating with it. It can be …

Mozilla’s Commitment To Security

October is National Cyber Security Awareness month and we want to take the opportunity to reiterate Mozilla’s security commitment to the Web. From Firefox for Windows, Mac, Linux and Android to …

Click-to-Play Plugins, Blocklist-Style

You may have heard of click-to-play plugins (in short: don’t load plugins until they’re clicked). You may have also heard of the blocklist (essentially a list of addons and plugins …

“Subscription Trap” Websites

“Subscription trap” websites prey on users who are trying to download legitimate free software. These sites trick users into paying for expensive subscriptions for otherwise free software. Some even go …

7 Tips for Fuzzing Firefox More Effectively

In the past half year I learned quite a lot about the different fuzzing approaches that security researchers and contributors use on Firefox. Although information on the subject should be …

Speeding Up Security Reviews

At Mozilla we have a strong commitment to security; unfortunately due to the volume of work underway at Mozilla we sometimes have a bit of a backlog in getting security …