Mozilla Security Blog

Window Snyder’s Blog

Archive for 'Announcements' Category

Firefox 2.0.0.7 now available

18 September 2007

Firefox 2.0.0.7 was released this afternoon to patch the QuickTime issue described here. This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple. I would like to personally thank the individuals at Apple who worked with us and the engineers at Mozilla that work so […]


Feedback from Opera on Mozilla JavaScript fuzzer

6 August 2007

Claudio Santambrogio at Opera posted that they have been running the Mozilla JavaScript fuzzer and as of Friday have found and fixed 4 issues with it. I am thrilled. This is exactly what we hoped would happen. Hopefully, this will encourage other vendors to share their internal security tools with everyone so […]


Mike Shaver, ten days, and expletives

6 August 2007

Mike Shaver (Director of Ecosystem Development at Mozilla) handed his business card to Robert Hansen (RSnake) on Wednesday night at Black Hat. On it he wrote “ten f—ing days.” When I asked him about it, he said he meant to communicate to Robert that since Mozilla got a recent security update out in […]


JavaScript fuzzer available

2 August 2007

Mike Shaver and I just finished presenting “Building and Breaking the Browser” at Blackhat today in Las Vegas. We discussed the methods and tools that Mozilla uses to secure the Firefox browser. These tools include a fuzzer for JavaScript, which has led to the discovery and resolution of dozens of critical security bugs. […]


Off to Black Hat!

30 July 2007

I’m heading to Las Vegas tomorrow for the Black Hat Briefings. If you’re in town you can catch me speaking on Thursday morning on Building and Breaking the Browser.
You can also catch up with me Wednesday afternoon on the Future of Information Security panel or Thursday afternoon on the Ethics Challenge panel.
After you roll […]


Firefox 2.0.0.6 now available

30 July 2007

We’ve just released Firefox 2.0.0.6 which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external programs. This reduces the risk of malicious data being passed through Firefox to another application that may then trigger unexpected and potentially dangerous […]


BaySec is tonight!

18 July 2007

If you are a security geek in the Bay Area, find your way to O’Niell’s on 3rd and King Street in San Francisco at 7pm to meet up at BaySec. I’ll be there to celebrate shipping Firefox 2.0.0.5. I may even have some Mozilla and Firefox goodies to give out. Say hi […]


Fix for Windows URL Protocol Handling Problem in Firefox 2.0.0.5

18 July 2007

Firefox 2.0.0.5 is now available and there is a fix for the URL protocol handling issue described here. We warned that other Windows applications may be vulnerable to this Internet Explorer issue, and on Sunday Nate McFeters, Billy Rios, and Raghav Dube posted a proof of concept that demonstrates the same attack through Internet […]


Building and Breaking the Browser at Blackhat

4 June 2007

Mike Shaver and I will be speaking at Blackhat August 1-2, 2007 on Firefox Security. It looks like there will be a number of Mozilla folks in attendance. I hope to see some of you there.
Building and Breaking the Browser
Traditional software vendors have little interest in sharing the gory details of what is […]


New Mozilla Security Blog

1 June 2007

Welcome to the Mozilla Security blog. This is the place to come for updates on what is going on with security at Mozilla.
