Articles in “Security”

How Mozilla finds crash bugs

This Tuesday (2009-07-21), I’m organizing a crash bug triage day where anyone interested can help us classify the swamp of open crash bugs. Join us in #bugday on if … Read more

New CSS Grammar Fuzzer

Mozilla’s Jesse Ruderman just blogged about a new CSS grammar fuzzer of his, to go along with the JS fuzzer we announced a while ago. Fuzzers are a tool that … Read more

Beware the Security Metric

Security metrics are very difficult to do well, and easy to do poorly. For example, take a look at the recent Secunia “2008 Report” ( It tries to break down … Read more

MD5 Weaknesses Could Lead to Certificate Forgery

Issue Researchers have recently found weaknesses in the MD5 hash algorithm, relied on by some SSL certificates. Using these weaknesses, an attacker could obtain fraudulent SSL certificates for websites they … Read more

The Importance of Good Metrics

There has been some interest in the last few days about a recent report from a company called Bit9 about application vulnerabilities. While we’re always happy to see stories that … Read more

Malicious Firefox Plugin

Issue A malicious piece of software masquerading as a legitimate and popular Firefox plugin is spreading.  Trojan.PWS.ChromeInject.A collects a user’s passwords from banking and other sites and forwards them to … Read more