As the summer rolls around for those of us in the northern hemisphere, temperatures are high and unwinding with a cool ice tea is high on the agenda. Isn't it lucky then that Background Update is...
https://hacks.mozilla.org/2021/07/getting-lively-with-firefox-90/
We successfully deployed ThreadSanitizer in the Firefox project to eliminate data races in our remaining C/C++ components. In the process, we found several impactful bugs and can safely say that ...
https://hacks.mozilla.org/2021/04/eliminating-data-races-in-firefox-a-technical-report/
Mozilla has been fuzzing Firefox and its underlying components for a while. It has proven itself to be one of the most efficient ways to identify quality and security issues. In general, we apply...
https://hacks.mozilla.org/2021/02/browser-fuzzing-at-mozilla/
Browsers are changing the default value of the SameSite attribute for cookies from None to Lax. This will greatly improve security for users. However, some web sites may depend (even unknowingly)...
https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
At Mozilla, we want the web to be capable of running high-performance applications so that users and content authors can choose the safety, agency, and openness of the web platform. Shared-memory...
https://hacks.mozilla.org/2020/07/safely-reviving-shared-memory/
As part of Mozilla’s ongoing commitment to improve the privacy and security of the web platform, over the next few months, we will be making some changes to the Gamepad API. Starting with Firef...
Fuzzing, or fuzz testing, is an automated approach for testing the safety and stability of software. For the past 3 years, the Firefox fuzzing team has been developing a new fuzzer to identify se...
Distinguished engineer Martin Thomson explains how this problem occurred, the implications for people who might be affected, and how problems of this nature might be avoided in future. To get the...
https://hacks.mozilla.org/2020/04/twitter-direct-message-caching-and-firefox/
The release of Firefox 74 is focused on security enhancements: Feature Policy, the Cross-Origin-Resource-Policy header, and removal of TLS 1.0/1.1 support. We’ve also got some new CSS text prop...
https://hacks.mozilla.org/2020/03/security-means-more-with-firefox-74-2/
Protecting the security and privacy of individuals is a central tenet of Mozilla’s mission. While we continue to make extensive use of both sandboxing and Rust in Firefox to address security ch...
https://hacks.mozilla.org/2020/02/securing-firefox-with-webassembly/
The Transport Layer Security (TLS) protocol is the de facto means for establishing security on the Web. The newest version, TLS 1.3, improves efficiency and remedies the flaws and weaknesses pres...
https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/
As you may have read last year, Safari, Firefox, Edge and Chrome browsers are removing support for TLS 1.0 and 1.1 in March of 2020. That means there’s less than a year to enable TLS 1.2 (and, ...
https://hacks.mozilla.org/2019/05/tls-1-0-and-1-1-removal-update/
There have been 69 security bugs in Firefox’s style component since the browser was first released in 2002. If we'd had a time machine and could have written this component in Rust from the sta...
https://hacks.mozilla.org/2019/02/rewriting-a-browser-component-in-rust/
Multithreading allows programs to do more faster, but adds synchronization bugs and attacks. Programming languages have evolved different concurrency strategies to help developers manage both the...
https://hacks.mozilla.org/2019/02/fearless-security-thread-safety/
Memory safety violations leave programs vulnerable to security threats like unintentional data leakage and remote code execution. There are ways to ensure memory safety, including smart pointers ...
https://hacks.mozilla.org/2019/01/fearless-security-memory-safety/
Firefox Sync lets you share your bookmarks, browsing history, passwords and other browser data between different devices, and send tabs from one device to another. We think it’s important to hi...
At Mozilla, we closely track threats to users' privacy and security. This is why we've added tracking protection to Firefox and created the Facebook container extension. In today's cartoon intro,...
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
Firefox 60 continues the evolution of Quantum. The parallel processing of Quantum CSS comes to Firefox for Android, while WebRender work is ongoing. Potch reports on two security upgrades - suppo...
https://hacks.mozilla.org/2018/05/firefox-60-modules-and-more/
One of Mozilla’s top priorities is to keep our users safe; this commitment is written into our mission. As soon as we discover a critical issue in Firefox, we plan a rapid mitigation. This post...
https://hacks.mozilla.org/2018/03/shipping-a-security-update-of-firefox-in-less-than-a-day/
A CTF (Capture the Flag) event is a type of security challenge or competition that can be used to teach or test online security. In this post, Mozilla security engineer and OWASP developer Simon ...
https://hacks.mozilla.org/2018/03/hands-on-web-security-capture-the-flag-with-owasp-juice-shop/