August BaySec is Tonight
Window Snyder
Time again to rally the infosec professionals for drinks at O’Neill’s. See you there. http://www.sockpuppet.org/baysec/
Feedback from Opera on Mozilla JavaScript fuzzer
Window Snyder
Claudio Santambrogio at Opera posted that they have been running the Mozilla JavaScript fuzzer and as of Friday have found and fixed 4 issues with it. I am thrilled. This … Read more
Mike Shaver, ten days, and expletives
Window Snyder
Mike Shaver (Director of Ecosystem Development at Mozilla) handed his business card to Robert Hansen (RSnake) on Wednesday night at Black Hat. On it he wrote “ten f—ing days.” When … Read more
JavaScript fuzzer available
Window Snyder
Mike Shaver and I just finished presenting “Building and Breaking the Browser”at Blackhat today in Las Vegas. We discussed the methods and tools that Mozilla uses to secure the Firefox … Read more
Off to Black Hat!
Window Snyder
I’m heading to Las Vegas tomorrow for the Black Hat Briefings. If you’re in town you can catch me speaking on Thursday morning on Building and Breaking the Browser. You … Read more
Firefox 2.0.0.6 now available
Window Snyder
We’ve just released Firefox 2.0.0.6 which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external … Read more
Launching local programs through FileType handler
Window Snyder
Issue We are currently investigating an issue on Windows XP, where some urls for “web” protocols that contain %00 launch the wrong handler and appear to be able to launch … Read more
Related Security Issue in URL Protocol Handling on Windows
Window Snyder
On July 10th, I posted about a security issue in URL protocol handling on Windows. In the previous example, Internet Explorer was the entry point and Firefox was the application … Read more
BaySec is tonight!
Window Snyder
If you are a security geek in the bay area, find your way to O’Niell’s on 3rd and King Street in San Francisco at 7pm to meet up at BaySec. … Read more
Fix for Windows URL Protocol Handling Problem in Firefox 2.0.0.5
Window Snyder
Firefox 2.0.0.5 is now available and there is a fix for the URL protocol handling issue described here. We warned that other Windows applications may be vulnerable to this Internet … Read more
Security Issue in URL Protocol Handling on Windows
Window Snyder
Today security firm Secunia released an advisory on a security issue found (apparently) simultaneously and independently by Greg MacManus and Billy Rios based on a previously reported issue in Safari … Read more
Time to Deploy improvement of 25 percent
Window Snyder
Since all software has bugs, it’s more important to consider how long it takes to get a fix out when a security issue is discovered than it is to count … Read more