Mozilla Security Blog

MWoS: Improving ssh_scan Scalability and Feature Set

Jonathan Claudius

October 16, 2017

Editors Note: This is a guest post by Ashish Gaurav, Harsh Vardhan, and Rishabh Saxena Maintaining a large number of servers and keeping them secure is a tough job! System … Read more

Treating data URLs as unique origins for Firefox 57

Christoph Kerschbaumer

October 4, 2017

The data URL scheme provides a mechanism which allows web developers to inline small files directly in an HTML (or also CSS) document. The main benefit of data URLs is … Read more

Improving AES-GCM Performance

Franziskus Kiefer

September 29, 2017

AES-GCM is a NIST standardised authenticated encryption algorithm (FIPS 800-38D). Since its standardisation in 2008 its usage increased to a point where it is the prevalent encryption used with TLS. … Read more

Verified cryptography for Firefox 57

Benjamin Beurdouche

September 13, 2017

Traditionally, software is produced in this way: write some code, maybe do some code review, run unit-tests, and then hope it is correct. Hard experience shows that it is very … Read more

Mozilla Releases Version 2.5 of Root Store Policy

Kathleen Wilson

September 7, 2017

Recently, Mozilla released version 2.5 of our Root Store Policy, which continues our efforts to improve standards and reinforce public trust in the security of the Web. We are grateful … Read more

Removing Disabled WoSign and StartCom Certificates from Firefox 58

Kathleen Wilson

August 30, 2017

In October 2016, Mozilla announced that, as of Firefox 51, we would stop validating new certificates chaining to the root certificates listed below that are owned by the companies WoSign … Read more

A Security Audit of Firefox Accounts

Greg Guthe

July 18, 2017

To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Firefox Accounts (FxA) that Cure53 conducted last … Read more

Analysis of the Alexa Top 1M sites

April King

June 28, 2017

Prior to the release of the Mozilla Observatory a year ago, I ran a scan of the Alexa Top 1M websites. Despite being available for years, the usage rates of … Read more

Relaunching Mozilla’s Web Security Bounty Program

April King

May 11, 2017

Today we are announcing the relaunch of our web security bug bounty program, creating greater transparency into how we handle web security bug bounty payouts. History Bug bounty programs started … Read more

Mozilla Releases Version 2.4 of CA Certificate Policy

Kathleen Wilson

April 4, 2017

Mozilla has released version 2.4.1 of Mozilla’s CA Certificate Policy and sent a CA Communication to inform Certification Authorities (CAs) who have root certificates included in Mozilla’s program about new … Read more

The end of SHA-1 on the Public Web

J.C. Jones

February 23, 2017

Our deprecation plan for the SHA-1 algorithm in the public Web, first announced in 2015, is drawing to a close. Today a team of researchers from CWI Amsterdam and Google … Read more

Mozilla Security Bytes, ep. 1: Content Security Policy

Julien Vehent

January 29, 2017

Sharing the work we do around web and information security is an important role of Mozilla Security. We often get questions on specific security technologies, both from our engineers who … Read more