03.06.09 - 02:50pm
Security metrics are very difficult to do well, and easy to do poorly. For example, take a look at the recent Secunia “2008 Report” (http://secunia.com/gfx/Secunia2008Report.pdf). It tries to break down vulnerabilities reported by browser, and specifically states:
31 vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7), including those publicly disclosed prior to [...]
Category: Firefox, Musings, Security, Uncategorized | | 29 Comments »
12.10.08 - 12:15pm
I will be leaving Mozilla at the end of the year. I am sad to be leaving, but I am excited to go work on something I have always been passionate about. I wish I could tell you about it now, but that will have to wait for a while.
You will still get Mozilla security [...]
Category: Announcements, Uncategorized | | Comments Off
02.08.08 - 06:38am
Firefox 2.0.0.12 is now available. This security update addresses the directory traversal issue described here and here. Details for this release are available at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12
Category: Uncategorized | | Comments Off
11.27.07 - 12:20pm
Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3. An attacker can lure a victim to load a web page with an embedded media object or a file in an email, triggering a bounds checking error in QuickTime that may allow execution of arbitrary code. This issue impacts QuickTime on Windows and [...]
Category: Uncategorized | | Comments Off
10.19.07 - 11:06am
Firefox 2.0.0.8 was released yesterday as part of our continuing efforts to improve the security of the web browser. This security update contains fixes for security issues described here and an additional mitigation for Windows URI handling security issues. Please be sure to update your installation of Firefox when automatic update asks, or to get [...]
Category: Uncategorized | | Comments Off
10.01.07 - 02:17pm
How can Mozilla be open about security issues without exposing users to additional risk?
Being open about security issues means that users have the information they need to understand their risk, that the community can contribute to the security process, and that other software development projects can benefit from our experiences. Unfortunately, sharing the details of [...]
Category: Security, Uncategorized | | Comments Off
09.12.07 - 06:07pm
Issue
Petko D. Petkov identified an issue in QuickTime that allows an attacker to execute arbitrary code.
Impact
If Firefox is the default browser when a user plays a malicious media file handled by QuickTime, an attacker can use a vulnerability in QuickTime to compromise Firefox or the local machine. This can happen while browsing or by [...]
Category: Uncategorized | | Comments Off
08.20.07 - 03:42pm
Time again to rally the infosec professionals for drinks at O’Neill’s. See you there.
http://www.sockpuppet.org/baysec/
Category: Uncategorized | | 1 Comment »