Earlier this week, security researchers published reports that Firefox and Tor Browser were vulnerable to “man-in-the-middle” (MITM) attacks under special circumstances. Firefox automatically updates installed add-ons over an HTTPS connection. As a backup protection measure against mis-issued certificates, we also … Continue reading
Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. … Continue reading
Heartbleed is a serious vulnerability in OpenSSL that was disclosed on Tuesday, April 8th, and impacted any sites or services using OpenSSL 1.01 – 1.01.f and 1.0.2-beta1. Due to the nature of the bug, the only obvious way to test … Continue reading
We recently started measuring C/C++ code coverage on mozilla-central again and documented the various efforts around it in a new MDN article.
Update (Oct 11, 2012) An update to Firefox for Windows, Mac and Linux was released at 12pm PT on Oct 11. Users will be automatically updated and new downloads via http://www.mozilla.org/firefox/new/ will receive the updated version (16.0.1). A fix for … Continue reading
In the past half year I learned quite a lot about the different fuzzing approaches that security researchers and contributors use on Firefox. Although information on the subject should be public, a lot of it seems hard to find for … Continue reading
Recently, Mozilla responded to an imminent threat to Firefox users who have an outdated Java plugin installed: Vulnerable versions of the plugin were blocked automatically (see blog post). Since then, I’ve been asked a few times why this is important; … Continue reading
Update (Oct 27, 2010 @ 20:12): A fix for this vulnerability has been released for Firefox and Thunderbird users. Firefox 3.6.12 and 3.5.15 security updates now available Thunderbird 3.1.6 and 3.0.10 security updates now available Issue: Mozilla is aware of … Continue reading
Mozilla has accelerated its timetable and released Firefox 3.6.2 ahead of schedule. This release contains a number of security fixes, including a fix to Secunia Advisory SA38608 which was previously discussed on this blog when we were first made aware … Continue reading
Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/. We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted … Continue reading
