Articles in “Security”

jar: Protocol XSS Security Issues

Issue jar: protocol is not restricted to java archives and will open any zip format file. An attacker can use this to evade filtering on sites that allow users to … Read more

Meet the Mozilla Security Group

How can Mozilla be open about security issues without exposing users to additional risk? Being open about security issues means that users have the information they need to understand their … Read more

Firefox 2.0.0.7 now available

Firefox 2.0.0.7 was released this afternoon to patch the QuickTime issue described here. This will protect Firefox users from the public critical security vulnerability until a patch is available from … Read more

Mike Shaver, ten days, and expletives

Mike Shaver (Director of Ecosystem Development at Mozilla) handed his business card to Robert Hansen (RSnake) on Wednesday night at Black Hat. On it he wrote “ten f—ing days.” When … Read more

JavaScript fuzzer available

Mike Shaver and I just finished presenting “Building and Breaking the Browser”at Blackhat today in Las Vegas. We discussed the methods and tools that Mozilla uses to secure the Firefox … Read more

BaySec is tonight!

If you are a security geek in the bay area, find your way to O’Niell’s on 3rd and King Street in San Francisco at 7pm to meet up at BaySec. … Read more