After many months of discussion on the mozilla.dev.security.policy mailing list, our Root Store Policy governing Certificate Authorities (CAs) that are trusted in Mozilla products has been updated. Version 2.7 has … The post "Announcing Version 2.7 of the Mozilla Root Store Policy" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2019/12/11/announcing-version-2-7-of-the-mozilla-root-store-policy/
Privacy is a human right, and is core to Mozilla’s mission. However, many companies on the web erode privacy when they collect a significant amount of personal information. Companies record … The post "Firefox 72 blocks third-party fingerprinting resources" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/
CRLite is a technology proposed by a group of researchers at the IEEE Symposium on Security and Privacy 2017 that compresses revocation information so effectively that 300 megabytes of revocation … The post "Introducing CRLite: All of the Web PKI’s revocations, compressed" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/
CRLite is a technology to efficiently compress revocation information for the whole Web PKI into a format easily delivered to Web users. It addresses the performance and privacy pitfalls of … The post "The End-to-End Design of CRLite" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design/
Mozilla has sent a CA Communication to inform Certificate Authorities (CAs) who have root certificates included in Mozilla’s program about current events relevant to their membership in our program and … The post "January 2020 CA Communication" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/01/13/january-2020-ca-communication/
The Multi-Account Containers Add-on will now sync your container configuration and site assignments. Firefox Multi-Account Containers allows users to separate their online identities into different tab types called Containers. Each … The post "Multi-Account Containers Add-on Sync Feature" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/02/06/multi-account-containers-sync/
CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally, this new technology eliminates the privacy leak that individual … The post "CRLite: Speeding Up Secure Browsing" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/01/21/crlite-part-3-speeding-up-secure-browsing/
Starting in version 75, Firefox can be configured to use client certificates provided by the operating system on Windows and macOS. Background: When Firefox negotiates a secure connection with a … The post "Expanding Client Certificates in Firefox 75" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/
Prior to being able to display a web page within a browser, the rendering engine checks and verifies the MIME type of the document being loaded. In case of an … The post "Firefox 75 will respect ‘nosniff’ for Page Loads" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/04/07/firefox-75-will-respect-nosniff-for-page-loads/
Firefox has one of the oldest security bug bounties on the internet, dating back to 2004. From 2017-2019, we paid out $965,750 to researchers across 348 bugs, making the average … The post "Firefox’s Bug Bounty in 2019 and into the Future" appeared first on Security Engineering Blog.
More info:
https://blog.mozilla.org/security/2020/04/23/bug-bounty-2019-and-future/