On Monday July, 9, 2012, approximately 250,000 internet users may lose access to the internet because of changes made to their computers by a malicious virus. The virus that caused … Read more
“Subscription trap” websites prey on users who are trying to download legitimate free software. These sites trick users into paying for expensive subscriptions for otherwise free software. Some even go … Read more
In the past half year I learned quite a lot about the different fuzzing approaches that security researchers and contributors use on Firefox. Although information on the subject should be … Read more
At Mozilla we have a strong commitment to security; unfortunately due to the volume of work underway at Mozilla we sometimes have a bit of a backlog in getting security … Read more
Recently, Mozilla responded to an imminent threat to Firefox users who have an outdated Java plugin installed: Vulnerable versions of the plugin were blocked automatically (see blog post). Since then, … Read more
Mozilla recently implemented a block for older versions of Java (Version 6 Update 30 and below as well as Version 7 Update 2 and below) which are vulnerable to a … Read more
Working in application security can be frustrating. Often you’re working around problems in software you have little control over, making ugly bandaids that must stay in place until a vendor … Read more
Fuzz testing (automated, random testing) is an important part of nearly every application security life cycle. While there are a lot of tools, frameworks and harnesses available for regular desktop … Read more
In a previous blog post, I outlined how the memory error detection tool Address Sanitizier (ASan) can be used with Firefox to find memory problems with a high degree of … Read more
On Monday, February 27, security researcher Brenda Larcom came to Mozilla to present on security threat modeling. This was a discussion on the Trike methodology for threat modeling that she … Read more
On Tuesday 28th February, Mark Goodwin from Mozilla’s Application Security team will be presenting a guest lecture at the University of Warwick. This session will introduce students to web security … Read more
We’ve decided to reorganize our security teams and as part of the change we are going to be using this blog in some new ways. The most notable change is … Read more