Mozilla at OWASP AppSecUSA

Mozilla will be sending several security folks to this year’s OWASP AppSecUSA conference held in Minneapolis, MN on Thursday and Friday (Sept 22, 23). Stop by and find one of …

DigiNotar Removal Follow Up

Earlier this week we revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted …

Fraudulent *.google.com Certificate

Update (Sept. 6, 2011 @10:37 a.m. PT): New security updates for Firefox are now available. Update (8.30.11 @ 11:25 p.m. PT): Mozilla just released an update to Firefox for Desktop, …

WebGL graphics memory stealing issue

Issue: There is a specific security issue with the WebGL implementation in Firefox 4. Impact to users: This issue allows attackers to capture screen shots of private or confidential information. …

Economics of vulnerabilities roundtable

Mozilla recently had the opportunity to participate in a panel discussion regarding the economics of vulnerabilities and bug bounties at the Hack in the Box conference in Amsterdam. Out of …

sha-512 follow-up and thank you

I made a statement in my previous post, SHA-512 w/ per Users Salts about a “significant hit rate” when it comes to dictionary attacking hashes. This significant hit rate is …

SHA-512 w/ per User Salts is Not Enough

Back in January, I was having a casual conversation about passwords at a local gathering about security and was asked what we use for storing the passwords. I stated that …

Enabling Browser Security in Web Applications

HTTPOnly, Secure Flag, Strict Transport Security, X-Frame-Options, Content Security Policy. The vast majority of application security occurs within the application’s code. However, there are a few key security controls that …