Before loading a URI, Firefox enforces numerous content security checks verifying that web content can not perform malicious actions. As a first line of defense for example, Firefox enforces the … Read more
Protection against malicious downloads was added in Firefox 31 on Windows and in Firefox 39 on Mac and Linux. Thanks to Google’s expansion of their Safe Browsing service, Firefox 48 … Read more
This article has been coauthored by Aislinn Grigas, Senior Interaction Designer, Firefox Desktop Over the past few months, Mozilla has been improving the user experience of our privacy and security … Read more
As part of our commitment to protect the privacy of our users, Mozilla will disable the insecure RC4 cipher in Firefox in late January 2016, beginning with Firefox 44. Mozilla … Read more
In response to recent developments attacking Diffie-Hellman key exchange (https://weakdh.org/) and to protect the privacy of Firefox users, we have increased the minimum key size for TLS handshakes using Diffie-Hellman … Read more
Today we are announcing our intent to phase out non-secure HTTP. There’s pretty broad agreement that HTTPS is the way forward for the web. In recent months, there have been … Read more
The purpose of the HTTP Referer (sic) header is to help sites figure out where their traffic comes from. However, as the Web got more complex, the amount of information … Read more
We have just concluded an investigation into a disclosure affecting members of Mozilla Developer Network. We began investigating the incident as soon as we learned of the disclosure. The issue … Read more
Happy Internet Safety Month, everyone! In today’s world it is more critical than ever to be aware of security risks online. High-profile and broad attacks made news quite a bit … Read more
The Mozilla security team is proud to be once again sponsoring the Hack-in-the-Box HackWeekDay competition, this time at the Haxpo conference in Amsterdam, 28-30 May 2014. Come learn about Firefox … Read more
HITBSecConf HackWeekDay 2013 Mozilla is proud to be once again sponsoring HackWeekDay at the Hack-in-the-Box security conference in Malaysia in October. The event is a chance for developers – both … Read more
OCSP Stapling has landed in the latest Nightly builds of Firefox! OCSP stapling is a mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, … Read more