As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework … Read more
I wrote last week about a new project we’ve started, informing our users when they’re running out of date versions of popular plugins. We focused our initial efforts on the … Read more
Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old … Read more
Issue The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page. Impact to users If a user visits … Read more
Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network … Read more
This Tuesday (2009-07-21), I’m organizing a crash bug triage day where anyone interested can help us classify the swamp of open crash bugs. Join us in #bugday on irc.mozilla.org if … Read more
In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these … Read more
Issue A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code. … Read more
For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on … Read more
People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to … Read more
Issue The pwn2own bug that Nils discovered at CanSecWest 2009 and the XSLT vulnerability recently made public by Guido Landi (http://www.securityfocus.com/bid/34235) are both critical issues that can result in malicious … Read more
Mozilla’s Jesse Ruderman just blogged about a new CSS grammar fuzzer of his, to go along with the JS fuzzer we announced a while ago. Fuzzers are a tool that … Read more