Articles in “Security”

Fraudulent *.google.com Certificate

Update (Sept. 6, 2011 @10:37 a.m. PT): New security updates for Firefox are now available. Update (8.30.11 @ 11:25 p.m. PT) Mozilla just released an update to Firefox for Desktop, … Read more

WebGL graphics memory stealing issue

Issue There is a specific security issue with the WebGL implementation in Firefox 4. Impact to users This issue allows attackers to capture screen shots of private or confidential information. … Read more

Economics of vulnerabilites roundtable

Mozilla recently had the opportunity to participate in a panel discussion regarding the economics of vulnerabilities and bug bounties at the Hack in the Box conference in Amsterdam. Out of … Read more

Comodo Certificate Issue – Follow Up

This is a follow-up to the previous Mozilla report about the fraudulent certificates issued by Comodo last week. On 15th March 2011, a RA partner of the Comodo CA suffered … Read more

Firefox Blocking Fraudulent Certificates

Issue Mozilla has been informed about the issuance of several fraudulent SSL certificates for public websites. The certificates have been revoked by their issuer which should protect most users. This … Read more

Web Bounty Update

It has been just over a month since we announced the expansion of our bounty program to include selected web applications.  We have received many bug reports and have awarded … Read more

addons.mozilla.org disclosure

On December 17th, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server. The security researcher reported … Read more

Adding Web Applications to the Security Bug Bounty Program

Many people are not aware that we have paid a bounty in the past on web application security vulnerabilities which impact client security. We have only paid on critical or extraordinary web application vulnerabilities which have a direct impact against the client. We are now going to include critical and high severity web applications vulnerabilities. So we are giving a range starting at $500 (US) for high severity and, in some cases, may pay up to $3000 (US) for extraordinary or critical vulnerabilities. Read more

Cooling Down the Firesheep

There have been a number of reports about a new Firesheep tool that exposes a weakness in website security, letting attackers snoop on people using public networks, steal their cookies, … Read more