Untrusted text in security dialogs
I just gave a 10-minute lightning talk at SOUPS on the topic of untrusted text in security dialogs. I've been reading Firefox security bug reports over the years, and I've collected a list of things...
Rapid releases and security
Several people have asked me whether Mozilla's move to rapid releases has helped or hurt Firefox's security. I think the new cadence has helped security overall, but it is interesting to look at both...
Secure and compatible
Previously, I discussed some of the ways Firefox's new rapid release process improves its security. But improving Firefox's security only helps users who actually update, and some people have expressed...
Improving intranet compatibility
Some organizations are reluctant to keep their browsers up-to-date because they worry that internal websites might not be compatible. Organization-internal sites can have unusual compatibility...
Lessons from JS engine bugs
Last week, I asked Luke Wagner to explain some security bugs that he fixed in the past. I hoped to learn from each bug at multiple levels, in ways that could help prevent future security bugs from...
Releasing jsfunfuzz and DOMFuzz
Today I'm releasing two fuzzers: jsfunfuzz, which tests JavaScript engines, and DOMFuzz, which tests layout and DOM APIs. Over the last 11 years, these fuzzers have found 6450 Firefox bugs, including...