Issue Entrust, Inc., a certificate authority in Mozilla’s root program, has informed us that one of their subordinate CAs, the Malaysian company DigiCert Sdn. Bhd, has issued 22 certificates with … Read more
Earlier this year I wrote about some of the challenges of scaling security efforts in an organization, and I mentioned that we are working to adopt better tooling to assist … Read more
We’re nearly three quarters the way through 2011 and we wanted to provide an update on the progress of the Mozilla bug bounty programs. The goal of the Mozilla bounty … Read more
We’re committed to security at Mozilla and take every opportunity throughout the development lifecycle to integrate security controls, guidance and verification. One of the items that we’ve found successful thus … Read more
UPDATE 10.18.11: Today, Oracle is releasing a patch update to Java SE to address this vulnerability. We recommend that users update their Java plugin to ensure that they have the … Read more
Mozilla will be sending several security folks to this year’s OWASP AppSecUSA conference held in Minneapolis, MN on Thursday and Friday (Sept 22, 23). Stop by and find one of … Read more
Earlier this week we revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted … Read more
Update (Sept. 6, 2011 @10:37 a.m. PT): New security updates for Firefox are now available. Update (8.30.11 @ 11:25 p.m. PT) Mozilla just released an update to Firefox for Desktop, … Read more
On Thursday, Aug 25, Mozilla will be hosting the OWASP Bay Area chapter meeting. This free event will bring together nearly 100 security experts in the bay area to discuss … Read more
“The journey of a thousand miles begins with one step.” ~ Lao Tzu “If you do what you’ve always done, you’ll get what you’ve always gotten.” ~ Anthony Robbins We’ve … Read more
Michael Coates from Mozilla’s Infrastructure Security team presented on top web security threats and how new security controls in Firefox can be leveraged to increase the security of a website … Read more
Issue There is a specific security issue with the WebGL implementation in Firefox 4. Impact to users This issue allows attackers to capture screen shots of private or confidential information. … Read more