Articles Tagged with "Mozilla"


From the Web

Performance Primatives

October 21, 2010 from: Rsnake's blog at ha.ckers.org

Intel, Mozilla and Adobe. How are these companies related, you may ask? Well all of them care about performance. A year or so ago I was hanging out with the Intel guys and they informed me that they have a series of low level performance primitives that they surface through APIs. At the time I wasn't quite sure what to make of it.

Comments  (0)


From the Web

Obfuscated URLs within iframes

October 06, 2010 from: Mozilla Security Blog

Issue There has been discussion today about a Firefox feature that warns users when a site’s URL is deceptive. When a Firefox user visits a site with a url that might be deceptive (e.g. http://www.good.com@evil.com/) , Firefox will stop the load and confirm with the user that they are really visiting the site they expected to visit (in this example, evil.com is the ...

Comments  (0)


From the Web

Mozilla Plans Fix for CSS History Hack

March 31, 2010 from: Rsnake's blog at ha.ckers.org

The CSS history hack is soon going to close. If you look at the original Bugzilla thread this is something that Mozilla had marked as a P1 bug since 2002. You heard me right, this P1 bug has been open for 8 years. And here we are, on the cusp of an actual fix.

Comments  (0)


From the Web

Mozilla - Plugging the CSS History Leak

March 31, 2010 from: Mozilla Security Blog

From the Mozilla Security Blog - We’re close to landing some changes in the Firefox development tree that will fix a privacy leak that browsers have been struggling with for some time. We’re really excited about this fix, we hope other browsers will follow suit. It’s a tough problem to fix, though, so I’d like to describe how we ended up with this approach.

Comments  (1)


From the Web

Fixing security holes without introducing new bugs

February 10, 2010 from: Mozilla Security Blog

When fixing any bug, there is a risk of introducing new bugs, which we call regressions. Regressions caused by security fixes can be especially problematic because shipping a buggy security update can erode user trust for future updates.

Comments  (0)


From the Web

Call for Input on Content Security Policy

October 14, 2009 from: Rsnake's blog at ha.ckers.org

For those of you who have been following the much anticipated Content Security Policy - you’ll be excited to know it’s currently available for early preview. The guys at Mozilla have a blog post explaining the details of where Content Security Policy is and asking for input. As you’d expect it’s not as full featured as it will probably end up being when it finally gets rele...

Comments  (0)


From the Web

Mozilla Plugin Check Now Live

October 13, 2009 from: Mozilla Security Blog

A little over a month ago, I talked about a project we had started to inform users when their plugins were out of date. This is a really important project for us, because old versions of plugins can cause crashes and other stability problems, and can also be a major security risk. In the first phase, we focused on the popular Adobe Flash Player plugin, and we were thrilled to see more than 10 mill...

Comments  (0)


From the Web

A Glimpse Into the Future of Browser Security

September 30, 2009 from: Mozilla Security Blog

As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework to protect websites from XSS and related attacks). We are happy to report that the work is nearly finished, and we have some preview builds available for you to try out.

Comments  (0)


From the Web

Plugin Updating Project: Follow up

September 16, 2009 from: Mozilla Security Blog

I wrote last week about a new project we’ve [Mozilla] started, informing our users when they’re running out of date versions of popular plugins. We focused our initial efforts on the Adobe Flash Player and now, a week after launch, Mozilla’s Numerator, Ken Kovash, has a blog post up looking at the results.

Comments  (0)


From the Web

Why some Firefox users choose not to update

August 25, 2009 from: Mozilla Security Blog

The best way for users to stay safe online is to use an updated browser. While most Firefox users get updated quickly, some fall behind for various reasons. We’re looking for ways to increase uptake while still preserving user choice.

Comments  (0)


From the Web

URL bar spoofing vulnerability

July 28, 2009 from: Mozilla Security Blog

Firefox - The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.

Comments  (0)


From the Web

Locking up the valuables: Opt-in security with ForceTLS

July 28, 2009 from: Mozilla Security Blog

Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network requests a resource, it is implicitly trusting the hotspot not to interfere with the communication.  A malicious computer hooked up to the network could alter the traffic, however, and this can have some un...

Comments  (1)


From the Web

Firefox crash not exploitable (CVE-2009-2479)

July 19, 2009 from: Mozilla Security Blog

In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no ex...

Comments  (1)


From the Web

Measure What Matters – The SEC Essentials

July 14, 2009 from: Mozilla Security Blog

People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to see a growing number of groups out there attempting to compare browsers based on their security record. That’s great news; not only does it help inform users, but it also lets browser authors know where they stand, and w...

Comments  (0)


From the Web

Critical JavaScript vulnerability in Firefox 3.5

July 14, 2009 from: Mozilla Security Blog

A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code.

Comments  (2)


From the Web

Measure What Matters - The SEC Essentials

July 10, 2009 from: Mozilla Security Blog

People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to see a growing number of groups out there attempting to compare browsers based on their security record.

Comments  (0)

Page « < 1 - 2 > »