Mozilla Security Blog

At Mozilla, browser security is a critical mission, and part of that mission involves responding swiftly to new threats. Tuesday, around 8 AM Eastern time, we received a heads-up from … Read more The post Behind the Scenes: Fixing an In-the-Wild Firefox Exploit appeared first on Mozilla Security Blog.

Most of the web already supports HTTPS: In fact, 93% of requests made by Firefox are already HTTPS. As a reminder, HTTP over TLS (HTTPS) fixes the security shortcoming of HTTP … Read more The post Firefox will upgrade more Mixed Content in Version 127 appeared first on Mozilla Security Blog.

At Mozilla, we believe in an open web that is safe to use. To that end, we improve and maintain the security of people using Firefox around the world. This … Read more The post Rapidly Leveling up Firefox Security appeared first on Mozilla Security Blog.

To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that Cure53 conducted earlier this … Read more The post Mozilla VPN Security Audit 2023 appeared first on Mozilla Security Blog.

Online security is constantly evolving, and thus we are excited to announce the publication of MRSP version 2.9, demonstrating that we are committed to keep up with the advancement of … Read more The post Version 2.9 of the Mozilla Root Store Policy appeared first on Mozilla Security Blog.

The GPG key used to sign the Firefox release manifests is expiring soon, and so we’re going to be switching over to new key shortly. The new GPG fingerprint is … Read more The post Updated GPG key for signing Firefox Releases appeared first on Mozilla Security Blog.

In accordance with the Mozilla Manifesto, which emphasizes the open development of policy that protects users’ privacy and security, we have worked with the Mozilla community over the past several … Read more The post Upgrading Mozilla’s Root Store Policy to Version 2.8 appeared first on Mozilla Security Blog.

In our continued efforts to improve the security of the web PKI, we are taking a multi-pronged approach to tackling some long-existing problems with revocation of TLS server certificates. In … Read more The post Revocation Reason Codes for TLS Server Certificates appeared first on Mozilla Security Blog.

  For decades users have been pressing Ctrl+C or relying on copy buttons. All these tricks and shortcuts to speed up text processing have become natural and intuitive to us. … Read more The post Preventing secrets from leaking through Clipboard appeared first on Mozilla Security Blog.

In keeping with our commitment to the security and privacy of individuals on the internet, Mozilla is increasing our oversight and adding automation to our compliance-checking of publicly trusted intermediate … Read more The post Improving the Quality of Publicly Trusted Intermediate CA Certificates with Enhanced Oversight and Automation appeared first on Mozilla Security Blog.