Using Coverage Data for Security
decoder
We recently started measuring C/C++ code coverage on mozilla-central again and documented the various efforts around it in a new MDN article.
mcoates
Update (Oct 11, 2012) An update to Firefox for Windows, Mac and Linux was released at 12pm PT on Oct 11. Users will be automatically updated and new downloads via http://www.mozilla.org/firefox/new/ will receive the updated version (16.0.1). A fix for …
decoder
In the past half year I learned quite a lot about the different fuzzing approaches that security researchers and contributors use on Firefox. Although information on the subject should be public, a lot of it seems hard to find for …
decoder
Recently, Mozilla responded to an imminent threat to Firefox users who have an outdated Java plugin installed: Vulnerable versions of the plugin were blocked automatically (see blog post). Since then, I’ve been asked a few times why this is important; …
Brandon Sterne
Update (Oct 27, 2010 @ 20:12): A fix for this vulnerability has been released for Firefox and Thunderbird users. Firefox 3.6.12 and 3.5.15 security updates now available Thunderbird 3.1.6 and 3.0.10 security updates now available Issue: Mozilla is aware of …
Lucas Adamski
Mozilla has accelerated its timetable and released Firefox 3.6.2 ahead of schedule. This release contains a number of security fixes, including a fix to Secunia Advisory SA38608 which was previously discussed on this blog when we were first made aware …
Lucas Adamski
Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/. We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted …
Lucas Adamski
Important Note: One of the malware results has been verified to be a false positive. Further details are available here: http://blog.mozilla.org/addons/2010/02/09/update-on-the-amo-security-issue/ Original blog entry follows below. Two add-ons in the experimental section of addons.mozilla.org were found to be containing malware. …
Johnathan Nightingale
Mike Shaver, Mozilla’s Vice President of Engineering writes: I’ve previously posted about the .NET Framework Assistant add-on that was delivered via Windows Update earlier this year. It’s recently surfaced that it has a serious security vulnerability, and Microsoft is recommending …
Lucas Adamski
Issue The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page. Impact to users If a user visits a page hosting this malicious code, a new window or …