Home arrow Mozilla
Mozilla Security Blog
  • Update on reviewing our data practices and Bugzilla development database disclosure
    As we indicated in the post titled “MDN Disclosure”, we began several remediation measures, including a review of data practices surrounding user data. We have kicked off a larger project to better our practices around data, including with respect to … Continue reading

  • mozilla::pkix ships in Firefox!
    In April, we announced an upcoming certificate verification library designed from the ground up to be fast and secure. A few weeks ago, this new library – known as “mozilla::pkix” – shipped with Firefox and is enabled by default. Please … Continue reading

  • MDN Database Disclosure
    We have just concluded an investigation into a disclosure affecting members of Mozilla Developer Network. We began investigating the incident as soon as we learned of the disclosure. The issue came to light ten days ago when one of our … Continue reading

  • Improving Malware Detection in Firefox
    We are always looking for ways to help protect people better from the constant threat of malicious software. For years Firefox has utilized Google’s Safe Browsing phishing and malware protection to help keep you from accidentally visiting dangerous sites. This … Continue reading

  • June is Internet Safety Month!
    Happy Internet Safety Month, everyone! In today’s world it is more critical than ever to be aware of security risks online. High-profile and broad attacks made news quite a bit in the last year. From the Heartbleed vulnerability to spikes … Continue reading

  • Introducing Mozilla Winter of Security 2014
    At Mozilla, we have a loosely formed group called Security Automation, where people who build security tools can meet, exchange ideas, and show their work. We build projects around applications and operations security. Some of the things we’ve worked on … Continue reading

  • Checking Compliance Status with Updated CA Certificate Policy
    In early 2013 Mozilla released version 2.1 of Mozilla’s CA Certificate Policy, which added a requirement for either the technical constraint or the audit of subordinate CA certificates, and requires CAs who issue SSL certificates to comply with the CA/Browser … Continue reading

  • Hack in the Box HackWeekDay 2014
    The Mozilla security team is proud to be once again sponsoring the Hack-in-the-Box HackWeekDay competition, this time at the Haxpo conference in Amsterdam, 28-30 May 2014. Come learn about Firefox OS, make apps to compete for great prizes and help … Continue reading

  • $10,000 Security Bug Bounty for Certificate Verification
    Firefox developer builds (“Nightly“) are now using a new certificate verification library we’ve been working on for some time, and this code is on track to be released as part of Firefox 31 in July. As we’ve all been painfully reminded recently (Heartbleed, … Continue reading

  • Exciting Updates to Certificate Verification in Gecko
    Today we’re excited to announce a new certificate verification library for Mozilla Products – mozilla::pkix! While most users will not notice a difference, the new library is more robust and maintainable. The new code is more robust because certificate path … Continue reading


Angelo Castigliola     View Photos of Angelo (8)
    Send Angelo a Message
Sec and Sec-Tech Newsletter
Email:





Upcoming Events