You are at the archive for the Security Category:

BaySec is tonight!

If you are a security geek in the Bay Area, find your way to O’Neill’s on 3rd and King Street in San Francisco at 7pm to meet up at BaySec. I’ll be there to celebrate shipping Firefox 2.0.0.5. I may even have some Mozilla and Firefox goodies to give out. Say hi [...]

Fix for Windows URL Protocol Handling Problem in Firefox 2.0.0.5

Firefox 2.0.0.5 is now available, and it includes a fix for the URL protocol handling issue described here. We warned that other Windows applications may be vulnerable to this Internet Explorer issue, and on Sunday Nate McFeters, Billy Rios, and Raghav Dube posted a proof of concept that demonstrates the same attack through Internet [...]

Security Issue in URL Protocol Handling on Windows

Today security firm Secunia released an advisory on a security issue found (apparently) simultaneously and independently by Greg MacManus and Billy Rios based on a previously reported issue in Safari found by Thor Larholm.
Any Windows application that calls a registered URL protocol without escaping quotes may be used to pass unexpected and potentially dangerous data [...]

Time to Deploy improvement of 25 percent

Since all software has bugs, it’s more important to consider how long it takes to get a fix out when a security issue is discovered than it is to count bugs. The number of vulnerabilities identified is a function of how many bugs are present, but is probably more influenced by things like who is [...]

Zalewski reports bugs in Firefox

The bugs Michal Zalewski posted to full-disclosure yesterday are getting some attention in the press. The information below is intended to provide some clarity on the severity of these issues and how they impact users.
Bug 382686 allows the attacker to spoof content and potentially JavaScript. The spoofed content would be in the attacker’s [...]

Building and Breaking the Browser at Blackhat

Mike Shaver and I will be speaking at Blackhat August 1-2, 2007 on Firefox Security. It looks like there will be a number of Mozilla folks in attendance. I hope to see some of you there.
Building and Breaking the Browser
Traditional software vendors have little interest in sharing the gory details of what is [...]

New Mozilla Security Blog

Welcome to the Mozilla Security blog. This is the place to come for updates on what is going on with security at Mozilla.