There’s been confusion today about the work we’re doing on our root store, the set of trusted certificate authorities shipped with Mozilla products. The short story is this: we’re removing … Read more
Privacy isn’t always easy. We’re close to landing some changes in the Firefox development tree that will fix a privacy leak that browsers have been struggling with for some time. … Read more
Mozilla has accelerated its timetable and released Firefox 3.6.2 ahead of schedule. This release contains a number of security fixes, including a fix to Secunia Advisory SA38608 which was previously … Read more
Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was … Read more
Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/. We cannot confirm the report as we have received no details regarding the reported vulnerability, … Read more
When fixing any bug, there is a risk of introducing new bugs, which we call regressions. Regressions caused by security fixes can be especially problematic because shipping a buggy security … Read more
Important Note: One of the malware results has been verified to be a false positive. Further details are available here: http://blog.mozilla.org/addons/2010/02/09/update-on-the-amo-security-issue/ Original blog entry follows below. Two add-ons in the … Read more
[This post originally appeared on Mozilla Developer News] We hate crashes. When Firefox crashes, we try to get you back on your feet as quickly as possible, but we’d much … Read more
Mike Shaver has posted an update on the situation surrounding our blocking of the .Net Framework Assistant and WPF plugin. In it, he discusses the current state of affairs, the … Read more
Mike Shaver, Mozilla’s Vice President of Engineering writes: I’ve previously posted about the .NET Framework Assistant add-on that was delivered via Windows Update earlier this year. It’s recently surfaced that … Read more
A little over a month ago, I talked about a project we had started to inform users when their plugins were out of date. This is a really important project … Read more
As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework … Read more