1. Privacy policy guidelines and Template for web apps

    • by Chris HeilmannApps, Featured Article, privacy, Security3 comments

    Releasing an app is much more than just coding it. You are providing a service to people and they trust you with their data. With the amount of reports of apps “calling home” and storing and sending your data to third parties without your consent Read more…

  2. An interesting way to determine if you are logged into social web sites

    • by Chris HeilmannIdentity, JavaScript, Research, Security14 comments

    Do you remember the trick how to find out that you went to certain web sites by analysing link colour (now patched in Firefox)? There is much your browser tells about you if you just create a few HTML elements. Mike Cardwell has found an Read more…

  3. ECMAScript 5 strict mode in Firefox 4

    • by Chris HeilmannFirefox 4, JägerMonkey, JavaScript, Security, TraceMonkey26 comments

    Editor’s note: This article is posted by Chris Heilmann but authored by Jeff Walden – credit where credit is due. Developers in the Mozilla community have made major improvements to the JavaScript engine in Firefox 4. We have devoted much effort to improving performance, but Read more…

  4. WebSocket disabled in Firefox 4

    • by Chris HeilmannFirefox, Firefox 4, Security, WebSocket47 comments

    Recent discoveries found that the protocol that Websocket works with is vulnerable to attacks. Adam Barth demonstrated some serious attacks against the protocol that could be used by an attacker to poison caches that sit in between the browser and the Internet. This is a Read more…

  5. Firefox 4: HTTP Strict Transport Security (force HTTPS)

    • by Paul RougetFirefox 4, Security41 comments

    This article is about a new HTTPS header: Strict-Transport-Security, which force a website to be fetched through HTTPS. This feature will be part of Firefox 4. How do you type URLs? Do you prefix them with http:// or https:// systematically? Or do you just type Read more…

  6. Account Manager coming to Firefox

    • by Dan MillsFirefox, Identity, Security74 comments

    Update: The Account Manager is no longer maintained. Building on this experiment, we have conceived BrowserID. Please consider using it instead. Last month Mozilla Labs announced a new concept series on online identity. As part of this exploration, we developed the Account Manager. The Account Read more…

  7. mozilla developer preview 4 ready for testing

    • by Christopher BlizzardFeatured Article, Firefox, Performance, Security, Standards8 comments

    Note: this is a re-post of the entry in the Mozilla Project Development Weblog. There’s some juicy stuff in here for Web Developers that need testing. In particular, this is the first build with the CSS history changes. As part of our ongoing platform development Read more…

  8. privacy-related changes coming to CSS :visited

    • by Christopher BlizzardCSS, Firefox, Security171 comments

    For more information about this, have a look at David Baron’s post, the bug and the post on the security blog. For many years the CSS :visited selector has been a vector for querying a user’s history. It’s not particularly dangerous by itself, but when Read more…

  9. mitigating attacks with content security policy

    • by Christopher BlizzardDemo, Feature, Firefox, Security, Standards5 comments