Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/. We cannot confirm the report as we have received no details regarding the reported vulnerability, … Read more
Important Note: One of the malware results has been verified to be a false positive. Further details are available here: http://blog.mozilla.org/addons/2010/02/09/update-on-the-amo-security-issue/ Original blog entry follows below. Two add-ons in the … Read more
Mike Shaver, Mozilla’s Vice President of Engineering writes: I’ve previously posted about the .NET Framework Assistant add-on that was delivered via Windows Update earlier this year. It’s recently surfaced that … Read more
Issue The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page. Impact to users If a user visits … Read more
In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these … Read more
Issue A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code. … Read more
Issue The pwn2own bug that Nils discovered at CanSecWest 2009 and the XSLT vulnerability recently made public by Guido Landi (http://www.securityfocus.com/bid/34235) are both critical issues that can result in malicious … Read more
There has been some interest in the last few days about a recent report from a company called Bit9 about application vulnerabilities. While we’re always happy to see stories that … Read more
Issue A null pointer dereference in the content layout component of Firefox allows an attacker to crash the browser when a user navigates to a malicious page. Impact If a … Read more
Issue A vulnerability in the way Firefox handles CSS allows an attacker to take advantage of an integer overflow and execute arbitrary code. In order for the attack to be … Read more
TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0. This issue is currently under investigation. To protect our users, the details of the issue … Read more
As today’s headlines confirm, there is still a lot of confusion about what happened to the Vietnamese language pack, who is impacted, and what that impact really is. First of … Read more