Security Articles
-
Firefox OS Security: Part 2 – User Experience and Security Updates
When presenting Firefox OS to people, security is a big topic. Can an operating system built on web technologies be secure? What has Mozilla built in to avoid drive-by downloads and malware? How can a browser-based app be secure without making the UX suffer by asking the user to react to a lot of “do […]
-
Firefox OS Security: Part 1 – The Web Security Model
When presenting Firefox OS to people, security is a big topic. Can an operating system built on web technologies be secure? What has Mozilla built in to avoid drive-by downloads and malware? In this two part video series Christian Heilmann (@codepo8), principal evangelist of Mozilla, talks to Michael Coates (@_mwc), chair of @OWASP Board about […]
-
Content Security Policy 1.0 lands in Firefox Aurora
The information in this article is based on work together with Ian Melven, Kailas Patil and Tanvi Vyas. We have just landed support for the Content Security Policy (CSP) 1.0 specification in Firefox Aurora (Firefox 23), available as of tomorrow (May 30th). CSP is a security mechanism that aims to protect a website against content […]
-
Privacy policy guidelines and Template for web apps
Releasing an app is much more than just coding it. You are providing a service to people and they trust you with their data. With the amount of reports of apps “calling home” and storing and sending your data to third parties without your consent rising it is important to make it plain and obvious […]
-
An interesting way to determine if you are logged into social web sites
Do you remember the trick how to find out that you went to certain web sites by analysing link colour (now patched in Firefox)? There is much your browser tells about you if you just create a few HTML elements. Mike Cardwell has found an interesting way to detect if you are logged into social […]
-
ECMAScript 5 strict mode in Firefox 4
Editor’s note: This article is posted by Chris Heilmann but authored by Jeff Walden – credit where credit is due. Developers in the Mozilla community have made major improvements to the JavaScript engine in Firefox 4. We have devoted much effort to improving performance, but we’ve also worked on new features. We have particularly focused […]
-
WebSocket disabled in Firefox 4
Recent discoveries found that the protocol that Websocket works with is vulnerable to attacks. Adam Barth demonstrated some serious attacks against the protocol that could be used by an attacker to poison caches that sit in between the browser and the Internet. This is a serious threat to the Internet and Websocket and not a […]
-
Firefox 4: HTTP Strict Transport Security (force HTTPS)
This article is about a new HTTPS header: Strict-Transport-Security, which force a website to be fetched through HTTPS. This feature will be part of Firefox 4. How do you type URLs? Do you prefix them with http:// or https:// systematically? Or do you just type example.com and let your browser add http://, like most of […]
-
Account Manager coming to Firefox
Update: The Account Manager is no longer maintained. Building on this experiment, we have conceived BrowserID. Please consider using it instead. Last month Mozilla Labs announced a new concept series on online identity. As part of this exploration, we developed the Account Manager. The Account Manager makes it incredibly easy for users to create new […]
-
mozilla developer preview 4 ready for testing
Note: this is a re-post of the entry in the Mozilla Project Development Weblog. There’s some juicy stuff in here for Web Developers that need testing. In particular, this is the first build with the CSS history changes. As part of our ongoing platform development work, we’re happy to announce the fourth pre-release of the […]