Mozilla has rolled out a new version of its Firefox browser, an update that includes patches for four critical security vulnerabilities and several less-severe bugs. IN all, Firefox 39 patches 13 vulnerabilities, including two high-risk bugs and six moderate-level ones. The most dangerous vulnerabilities, however, include a pair of use-after-free bugs in one part of […]
Tag Archives: Mozilla
Mozilla Bug Bounty Payouts Going Up
Mozilla announced that it has increased rewards for vulnerabilities submitted to its bug bounty program, and that for the first time it will pay for some bugs whose severity is rated moderate.
Privacy Proponents Rally In Favor of Tracking Protection in Firefox
Privacy advocates are calling on Mozilla to better deploy Tracking Protection, a technology that offers more stringent privacy and speeds up page loads by blocking requests to tracking domains, in its Firefox browser.
Mozilla Moving Toward Full HTTPS Enforcement in Firefox
The Mozilla Foundation announced yesterday that it is in the process making HTTP connections incompatible with its popular Firefox Web browser.
Mozilla to Remove Turkish CA From Firefox Trust Store
Mozilla is removing a Turkish root CA from the Firefox trust store, not because of a compromise or a mistakenly issued certificate, but because the certificate authority hasn’t lived up to the audit requirements Mozilla has for trusted CAs. Like other browser vendors, Mozilla has a lengthy policy that sets out the requirements for CAs to […]
Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists
When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted store for both iOS and OSX. Apple on Wednesday released […]
Vulnerability Forces Mozilla to Disable Opportunistic Encryption in Firefox
Less than a week after introducing the new opportunistic encryption feature in Firefox, Mozilla has had to disable it because of a security vulnerability in the browser’s implementation of the HTTP Alternative Services specification. The bug puts a kink in the new feature, which was designed to allow clients to connect securely to a server […]
Mozilla Releases Open Source Masche Forensics Tool
Mozilla has released an open source memory forensics tool that some college students designed and built during the company’s recent Winter of Security event. The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine. […]
Firefox 37 to Include New OneCRL Certificate Blocklist
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check […]
Firefox 36 Arrives With Patches For Three Critical Flaws
Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser. One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that can be exploitable under some circumstances. “Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video […]