Measure What Matters – The SEC Essentials
People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to … Read more
People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to … Read more
Issue The pwn2own bug that Nils discovered at CanSecWest 2009 and the XSLT vulnerability recently made public by Guido Landi (http://www.securityfocus.com/bid/34235) are both critical issues that can result in malicious … Read more
Mozilla’s Jesse Ruderman just blogged about a new CSS grammar fuzzer of his, to go along with the JS fuzzer we announced a while ago. Fuzzers are a tool that … Read more
Security metrics are very difficult to do well, and easy to do poorly. For example, take a look at the recent Secunia “2008 Report” (http://secunia.com/gfx/Secunia2008Report.pdf). It tries to break down … Read more
Issue Researchers have recently found weaknesses in the MD5 hash algorithm, relied on by some SSL certificates. Using these weaknesses, an attacker could obtain fraudulent SSL certificates for websites they … Read more
There has been some interest in the last few days about a recent report from a company called Bit9 about application vulnerabilities. While we’re always happy to see stories that … Read more
I will be leaving Mozilla at the end of the year. I am sad to be leaving, but I am excited to go work on something I have always been … Read more
Issue A malicious piece of software masquerading as a legitimate and popular Firefox plugin is spreading. Trojan.PWS.ChromeInject.A collects a user’s passwords from banking and other sites and forwards them to … Read more
Issue A null pointer dereference in the content layout component of Firefox allows an attacker to crash the browser when a user navigates to a malicious page. Impact If a … Read more
Issue A vulnerability in the way Firefox handles CSS allows an attacker to take advantage of an integer overflow and execute arbitrary code. In order for the attack to be … Read more
Mozilla has been working with security researcher and analyst Rich Mogull for a few months now on a project to develop a metrics model to measure the relative security of … Read more
A recent report identified Firefox users as most likely to be running the latest version of the browser at any point in time. Brian Krebs at the Washington Post comments … Read more