Mozilla Security Blog
-
Responding to Claims of Compromise
Issue: A hacking group called “AnonGhost” is claiming they have compromised “Mozilla Emails Managers” and exposed the email address and a 16-character value for 50 accounts. Upon investigation we’ve determined the 16-character values are not user passwords. Instead, they are … Continue reading
-
Web Developer Security 1.0
Raymond Forbes and I will be presenting Web Developer Security 1.0 on Tuesday, June 18th at 12:15 pm PDT. The training will be held in Mozilla’s Mountain View office and also broadcast online. We will cover a grab bag of … Continue reading
-
Content Security Policy 1.0 Lands In Firefox
Content Security Policy (usually abbreviated as CSP) is a way for web pages to restrict the sites allowed to include content within the page. It also can restrict whether inline scripts are allowed to run and inline styles/CSS are allowed … Continue reading
-
Mixed Content Blocking in Firefox Aurora
Firefox 23 moved from Nightly to Aurora this week, bundled with a new browser security feature. The Mixed Content Blocker is enabled by default in Firefox 23 and protects our users from man-in-the-middle attacks and eavesdroppers on HTTPS pages. When … Continue reading
-
Orangfuzz – an experimental user interaction fuzzer for Firefox OS
One of the goals of the fuzzing team is to identify security vulnerabilities within our products using various techniques. As we continue working with Firefox OS, we need to build and adapt the proper tools to enable fuzz testing on … Continue reading
-
We’re doing a Reddit AMA!
Members of the Mozilla Security community will be participating in an “Ask Me Anything (AMA)” event on Reddit tomorrow, 27-March-2013. We anticipate running this for 24 hours from March 27th at 6:00 am PDT through March 28th at 6:00 … Continue reading
-
Mozilla and Pwn2Own Event
This week the Pwn2Own competition took place as part of the CanSecWest security conference. The Pwn2Own competition provides cash rewards for individuals that are able to demonstrate a security vulnerability in browsers or the browser plugins Flash and Java. Researchers … Continue reading
-
Announcing Version 2.1 of Mozilla CA Certificate Policy
Mozilla released version 2.1 of the Mozilla CA Certificate Policy. This version adds a requirement for either the technical constraint or the audit of subordinate CA certificates, and requires CAs who issue SSL certificates to comply with the CA/Browser Forum … Continue reading
-
Using CryptoStick as an HSM
Mozilla maintains a wide range of services which are secured using different solutions. For internal repositories, our Operations Security team has chosen to use the low-cost, open source and open hardware CryptoStick from the German Privacy Foundation. Advantages of using … Continue reading
-
Putting Users in Control of Plugins
Mozilla is changing the way Firefox loads third party plugins such as Flash, Java and Silverlight. This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plugins … Continue reading