Quicktime to Firefox issue

Issue Petko D. Petkov identified an issue in Quicktime that allows an attacker to execute arbitrary code. Impact If Firefox is the default browser when a user plays a malicious … Read more

August BaySec is Tonight

Time again to rally the infosec professionals for drinks at O’Neill’s.  See you there.  http://www.sockpuppet.org/baysec/

Mike Shaver, ten days, and expletives

Mike Shaver (Director of Ecosystem Development at Mozilla) handed his business card to Robert Hansen (RSnake) on Wednesday night at Black Hat. On it he wrote “ten f—ing days.” When … Read more

JavaScript fuzzer available

Mike Shaver and I just finished presenting “Building and Breaking the Browser”at Blackhat today in Las Vegas. We discussed the methods and tools that Mozilla uses to secure the Firefox … Read more

Off to Black Hat!

I’m heading to Las Vegas tomorrow for the Black Hat Briefings. If you’re in town you can catch me speaking on Thursday morning on Building and Breaking the Browser. You … Read more

Firefox 2.0.0.6 now available

We’ve just released Firefox 2.0.0.6 which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external … Read more

BaySec is tonight!

If you are a security geek in the bay area, find your way to O’Niell’s on 3rd and King Street in San Francisco at 7pm to meet up at BaySec. … Read more