Articles in “Security”

Low Risk Denial of Service in Firefox

Issue A null pointer dereference in the content layout component of Firefox allows an attacker to crash the browser when a user navigates to a malicious page. Impact If a … Read more

Mozilla Security Metrics Project

Mozilla has been working with security researcher and analyst Rich Mogull for a few months now on a project to develop a metrics model to measure the relative security of … Read more

New Security Issue Under Investigation

TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0.  This issue is currently under investigation.  To protect our users, the details of the issue … Read more

chrome protocol directory traversal

Issue A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure. Impact When a chrome package is “flat” rather … Read more

BasicAuth dialog realm value spoofing

Issue The realm value in a basic authentication dialog may be spoofed by a attacker to trick users into thinking the authentication request is coming from a different, trusted site. … Read more