Mozilla Security

"XSS vulnerabilities account for 66% of valid submissions" is why we're pushing hard on CSP in @mozsec . src: pages.bugcrowd.com/hubfs/PDFs/sta…

Christian Holler’s MSc thesis on random testing JavaScript netted him $53,000 in bug bounties and a job at Mozilla: issta2016.cispa.saarland/interview-with…

We're growing the Firefox Services Security team. Want to help @psiinon and I keep the fox safe? Head over to careers.mozilla.org/position/oQ1k3…

We're running a RFP to audit the security of Firefox Accounts. Got the pentest/crypto skills? Email me at jvehent[at]mozilla.com

Woo! The @mozsec HTTP Observatory has hit a million scans! mozilla.github.io/http-observato… Now I just need to find some time to finish the site!

Thanks to @CESG_HMG of GCHQ for helping protect Firefox users. Excellent bug reports for mozilla.org/en-US/security… & mozilla.org/en-US/security…

Bending the curve for HTTPS adoption, which has quadrupled since @letsencrypt launched! mzl.la/24TNT91

How architecting Firefox for security stopped the bugs and spared us the worst of a security breach: bholley.net/blog/2016/the-…

Extend #aflfuzz mutation routines with Python modules: github.com/choller/afl/bl…

Fuzzing a specific part of a large project with #aflfuzz? Try the new partial instrumentation feature: github.com/choller/afl/bl…

Keeping our security code clean and shiny is a big deal. Help us keep our shields up in this good first C++ bug: bugzilla.mozilla.org/show_bug.cgi?i…

Really nice JIT security improvement by @jandemooij: JIT code is now W^X, i.e non-writable unless patching! bugzil.la/1215479

Firefox now supports OCSP Must-Staple: blog.mozilla.org/security/2015/…

Congrats to editors @freddyb @frgx @fmarier @metromoxie! Subresource Integrity is a W3C Candidate Recommendation. w3.org/TR/SRI/

Firefox is simplifying their security indicators. Cool work! twitter.com/TanviHacks/sta…

We’re taking private browsing and #usercontrol to a new level today. mzl.la/1HoJ6yz

Updated security indicators released today in Firefox 42- blog.mozilla.org/security/2015/…