Articles in “Uncategorized”

Beware the Security Metric

Security metrics are very difficult to do well, and easy to do poorly. For example, take a look at the recent Secunia “2008 Report” (http://secunia.com/gfx/Secunia2008Report.pdf). It tries to break down … Read more

Leaving Mozilla

I will be leaving Mozilla at the end of the year.  I am sad to be leaving, but I am excited to go work on something I have always been … Read more

Firefox 2.0.0.12 is now available

Firefox 2.0.0.12 is now available. This security update addresses the directory traversal issue described here and here. Details for this release are available at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12

Vulnerability in Apple QuickTime

Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3.  An attacker can lure a victim to load a web page with an embedded media object or a … Read more

Firefox 2.0.0.8 now available

Firefox 2.0.0.8 was released yesterday as part of our continuing efforts to improve the security of the web browser.  This security update contains fixes for security issues described here and … Read more

Meet the Mozilla Security Group

How can Mozilla be open about security issues without exposing users to additional risk? Being open about security issues means that users have the information they need to understand their … Read more

Quicktime to Firefox issue

Issue: Petko D. Petkov identified an issue in Quicktime that allows an attacker to execute arbitrary code. Impact: If Firefox is the default browser when a user plays a malicious … Read more

August BaySec is Tonight

Time again to rally the infosec professionals for drinks at O’Neill’s.  See you there.  http://www.sockpuppet.org/baysec/