Articles Tagged with "Mozilla"
From the Web
Performance Primatives
October 21, 2010 from: Rsnake's blog at ha.ckers.org
Intel, Mozilla and Adobe. How are these companies related, you may ask? Well all of them care about performance. A year or so ago I was hanging out with the Intel guys and they informed me that they have a series of low level performance primitives that they surface through APIs. At the time I wasn't quite sure what to make of it.
Comments (0)
From the Web
Obfuscated URLs within iframes
October 06, 2010 from: Mozilla Security Blog
Issue There has been discussion today about a Firefox feature that warns users when a site’s URL is deceptive. When a Firefox user visits a site with a url that might be deceptive (e.g. http://www.good.com@evil.com/) , Firefox will stop the load and confirm with the user that they are really visiting the site they expected to visit (in this example, evil.com is the ...
Comments (0)
From the Web
Mozilla Plans Fix for CSS History Hack
March 31, 2010 from: Rsnake's blog at ha.ckers.org
The CSS history hack is soon going to close. If you look at the original Bugzilla thread this is something that Mozilla had marked as a P1 bug since 2002. You heard me right, this P1 bug has been open for 8 years. And here we are, on the cusp of an actual fix.
Comments (0)
From the Web
Mozilla - Plugging the CSS History Leak
March 31, 2010 from: Mozilla Security Blog
From the Mozilla Security Blog - We’re close to landing some changes in the Firefox development tree that will fix a privacy leak that browsers have been struggling with for some time. We’re really excited about this fix, we hope other browsers will follow suit. It’s a tough problem to fix, though, so I’d like to describe how we ended up with this approach.
Comments (1)
From the Web
Fixing security holes without introducing new bugs
February 10, 2010 from: Mozilla Security Blog
When fixing any bug, there is a risk of introducing new bugs, which we call regressions. Regressions caused by security fixes can be especially problematic because shipping a buggy security update can erode user trust for future updates.
Comments (0)
From the Web
Call for Input on Content Security Policy
October 14, 2009 from: Rsnake's blog at ha.ckers.org
For those of you who have been following the much anticipated Content Security Policy - you’ll be excited to know it’s currently available for early preview. The guys at Mozilla have a blog post explaining the details of where Content Security Policy is and asking for input. As you’d expect it’s not as full featured as it will probably end up being when it finally gets rele...
Comments (0)
From the Web
Mozilla Plugin Check Now Live
October 13, 2009 from: Mozilla Security Blog
A little over a month ago, I talked about a project we had started to inform users when their plugins were out of date. This is a really important project for us, because old versions of plugins can cause crashes and other stability problems, and can also be a major security risk. In the first phase, we focused on the popular Adobe Flash Player plugin, and we were thrilled to see more than 10 mill...
Comments (0)
From the Web
A Glimpse Into the Future of Browser Security
September 30, 2009 from: Mozilla Security Blog
As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework to protect websites from XSS and related attacks). We are happy to report that the work is nearly finished, and we have some preview builds available for you to try out.
Comments (0)
From the Web
Plugin Updating Project: Follow up
September 16, 2009 from: Mozilla Security Blog
I wrote last week about a new project we’ve [Mozilla] started, informing our users when they’re running out of date versions of popular plugins. We focused our initial efforts on the Adobe Flash Player and now, a week after launch, Mozilla’s Numerator, Ken Kovash, has a blog post up looking at the results.
Comments (0)
From the Web
Why some Firefox users choose not to update
August 25, 2009 from: Mozilla Security Blog
The best way for users to stay safe online is to use an updated browser. While most Firefox users get updated quickly, some fall behind for various reasons. We’re looking for ways to increase uptake while still preserving user choice.
Comments (0)
From the Web
URL bar spoofing vulnerability
July 28, 2009 from: Mozilla Security Blog
Firefox - The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.
Comments (0)
From the Web
Locking up the valuables: Opt-in security with ForceTLS
July 28, 2009 from: Mozilla Security Blog
Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network requests a resource, it is implicitly trusting the hotspot not to interfere with the communication. A malicious computer hooked up to the network could alter the traffic, however, and this can have some un...
Comments (1)
From the Web
Firefox crash not exploitable (CVE-2009-2479)
July 19, 2009 from: Mozilla Security Blog
In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no ex...
Comments (1)
From the Web
Measure What Matters – The SEC Essentials
July 14, 2009 from: Mozilla Security Blog
People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to see a growing number of groups out there attempting to compare browsers based on their security record. That’s great news; not only does it help inform users, but it also lets browser authors know where they stand, and w...
Comments (0)
From the Web
Critical JavaScript vulnerability in Firefox 3.5
July 14, 2009 from: Mozilla Security Blog
A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code.
Comments (2)
From the Web
Measure What Matters - The SEC Essentials
July 10, 2009 from: Mozilla Security Blog
People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to see a growing number of groups out there attempting to compare browsers based on their security record.
Comments (0)
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers
- NSA Surveillance Is Legal And Not Targeting Average Americans, Says Texas A&M Professor