Articles tagged with “Security”

Introducing the ASan Nightly Project

Every day, countless Mozillians spend numerous hours testing Firefox to ensure that Firefox users get a stable and secure product. However, no product is bug free and, despite all of … Read more

Secure Contexts Everywhere

Since Let’s Encrypt launched, secure contexts have become much more mature. We have witnessed the successful restriction of existing, as well as new features to secure contexts. The W3C TAG … Read more

Improving AES-GCM Performance

AES-GCM is a NIST standardised authenticated encryption algorithm (FIPS 800-38D). Since its standardisation in 2008 its usage increased to a point where it is the prevalent encryption used with TLS. … Read more

June is Internet Safety Month!

Happy Internet Safety Month, everyone! In today’s world it is more critical than ever to be aware of security risks online. High-profile and broad attacks made news quite a bit … Read more

Heartbleed Security Advisory

Issue OpenSSL is a widely-used cryptographic library which implements the TLS protocol and protects communications on the Internet. On April 7, 2014, a bug in OpenSSL known as “Heartbleed” was … Read more

Adding Web Applications to the Security Bug Bounty Program

Many people are not aware that we have paid a bounty in the past on web application security vulnerabilities which impact client security. We have only paid on critical or extraordinary web application vulnerabilities which have a direct impact against the client. We are now going to include critical and high severity web applications vulnerabilities. So we are giving a range starting at $500 (US) for high severity and, in some cases, may pay up to $3000 (US) for extraordinary or critical vulnerabilities. Read more

Cooling Down the Firesheep

There have been a number of reports about a new Firesheep tool that exposes a weakness in website security, letting attackers snoop on people using public networks, steal their cookies, … Read more

X-Frame-Options

One of the security enhancements included with Firefox 3.6.9 is support for the x-frame-options header. This optional header can be included within the HTTP response to instruct the client’s browser on whether the returned content is allowed to be framed by other pages. Read more

New CSS Grammar Fuzzer

Mozilla’s Jesse Ruderman just blogged about a new CSS grammar fuzzer of his, to go along with the JS fuzzer we announced a while ago. Fuzzers are a tool that … Read more