Mozilla: Security a Significant Focus

REALTIME IT NEWS

Blogs | 7 Day Summary | JustTechJobs

Hardware
- Dell Charges LCD Makers With ...
- Big Tech Teams on Google TV
- Fujitsu Intros new Xeon ...
Software
- IBM Gains Partners for ...
- Google Fixes Its Browser ...
- Virtualization Seen as ...
Mobility
- Droid Upgrade to Android 2.1 ...
- Google Denied Trademark for ...
- Sprint the Latest Nexus One ...
Web Content
- Facebook Trumps Google
- Looking Back on 25 Years of ...
- Google Hires XML Co-Creator ...
Search
- Google May Be Set to Depart ...
- Bing Continues to Gain Share
- Bing Makes Strides But ...
Government
- Senate Cybersecurity Bill ...
- Federal CTO Looks to ...
- Broadband Plan Sparks ...
Developer
- Open Source Business Models ...
- Novell Teams With Ingres for ...
- CodePlex Launches Network ...
Business
- Palm's Outlook Hazy as Pre, ...
- Is Google Trying to ...
- IDC Sees PC Market Rebound ...
Storage
- EMC Lays Out Global Storage ...
- Symantec Takes on ...
- Google Highlights Disaster ...
E-Commerce
- Google, BofA Lauded For Web ...
- Google Offers Local Product ...
- Firms Casting a Wide Net for ...
Networking
- Alcatel-Lucent Update ...
- Comcast Uses Open Source for ...
- VeriSign Planning $300 ...

Blogs
Most Popular
Hot Topics
Opinion

BroCo fires back on hacking, stock manipulation claims

Internet Explorer 9 vs Firefox 3.7 : Open beats Closed

Dot Com Turns 25: How Failure Turned to Success

Comcast CEO defends NBC deal, unsure on Hulu

Time for Google's Eric Schmidt to go?

Firefox 3.6.2 Coming March 30th - Where is 3.6.1?

First Fedora 13 Linux Alpha Shows Promise

Mozilla Apologies Over Jetpack Mockup Design

Does Oracle Losing Sun's Open Source Chief Matter?

Google Summer of Code 2010 Kicks Off

[ More ]

Subscribe
Learn More
Stats
Contact Staff

Select a newsletter and click Join to sign up!

InternetNews.com Podcast

InternetNews.com
Channel XML/RSS Feeds

Enterprise IT Planet News

Click a Topic to Expand

The Social Web

The New Idiot Box

Feeling the Need for RSS Feeds

Web Services Management

Web services: Evolution or Revolution

Making Money Off The Social Web

The Lure of The Social Network

The Privacy of Social Networking

My Grand Google Obsession

Coding Google's Future

Google Fun in The Summer

Google Pushes Apps

Google's Data Ambitions

Google's IPO

Google's Way With Words

Google, Opponents Square Off in DoubleClick Bid

Microsoft's Past Present And Future

The Vista Ripple Effect

A New Era For Microsoft

Eolas, Microsoft Duke it Out over ActiveX

Microsoft Preps Security Makeover for XP

Microsoft's Security Challenge

Microsoft's Storage Ambitions

Microsoft, AOL Become Partners

Microsoft/Yahoo: Can It Work?

Sun, Microsoft Bandage Old Wounds

The Next Microsoft Era

Truth Time at Microsoft's PDC

XML, Microsoft Threaten Adobe's PDF Format

Will Office 2003 Change Everything?

Mobile Universe

Motorola in Trouble

City-Wide Wi-Fi

Connected in The Windy City

Ultrawideband in the Home

Wi-Fi's Hotspots

CTIA in The Big Easy

Technology, Policy and Politics

3G at Home and Abroad

The Competitive Mobile Landscape

CTIA: A Wireless World in Sin City

Gadget Fest: CTIA Wireless 2008

Wireless Policy in Washington

Cradle to Grave Information Management

Disaster Recovery and Continuity

The Storage Compliance Boom

Compliance, Regulation And Storage

Calling all Clusters, Supercomputers

Betting on BPM

Database Software Continues to Evolve

Tech's Legal Battles

Google in Court

RIM Has Patent Issues

Microsoft In Court

Technology in the Courts

End of the IE Antitrust Case

Microsoft's Legal Struggles

The AMD/Intel Antitrust Showdown

A Patent Battle on eBay Territory

Google, Microsoft and Yahoo's Three-Way Search Battle

Calling Net Neutrality

Microsoft's EU Blues

Vonage on The Patent Hot Seat

Platforms and New Packages

VMware and the Virtualization Craze

Virtualization for All

SOAs in The Enterprise

Application Server Biz on the Rebound

Curtain Drawn on Windows Server 2003

SaaS in The Market

Struggling to Stay Atop the Server Market

Web Standards Bodies Fight for Freedom

Open Source Ecosystem

Microsoft: Loosening the Grip on Source

Showcasing Java

Sun a 'Tiger' at JavaOne

The Future of Java

GPL: Software Freedom Redefined

Linux in the Enterprise

Linux on the Desktop

LinuxWorld 04: A More Mature Tux

LinuxWorld Storms San Francisco

LinuxWorld Takes Boston

LinuxWorld by the Bay

Oracle's Linux Realm

SCO Declares War on Linux

The Growth of Linux-Based Storage

The Linux Kernel

Novell, Microsoft in Open Dance

Open Source Open for Business

Open-source Databases Gathering Steam

Oracle Plants Flag at OpenWorld 2006

Evolution of Search

Competing for the Search Lead

Enterprise Search Ready for Prime Time

Mobile Search Takes Flight

Racing To Dominate Desktop Search

Search And Censorship

Search Engine Optimization

Search Meets Mapping

Thinner Slices of The Paid Search Pie


Partner With Us

Mozilla: Security a Significant Focus

Mozilla's senior security executives discuss how they're making the Web a safer place one browser at a time.

Share this Article

Twitter

FriendFeed

Print this Article

Comment on this article

Email this Article

August 11, 2008
By Sean Michael Kerner: More stories by this author:

Page 2 of 2

Coding practices

Mozilla has made significant progress in its coding practices to ensure higher quality secure code overall. Johnathan Nightingale, Mozilla's human shield, is a key part of the company's security effort, and he noted that code testing has expanded in a number of areas.

"At last count we ran about 60,000 automated tests on multiple platforms for Firefox 3," Nightingale told InternetNews.com. "Every time there is a check-in we run a new group of tests."

Will Design Flaws Flunk Firefox?
Firefox Gets a New Handle on Old Flaws
Mozilla Puts The Fun in Fuzz
A Better View of Microsoft Security?

In comparison, the company ran only about 2,000 unit tests for Firefox 2. In addition, as of the Firefox 3 release, Mozilla has moved to a new distributed code development platform. They had been using Concurrent Versions System, or CVS (define), and are now using Mercurial, a more collaborative and distributed approach.

"The real value of Mercurial is not that it makes testing easier -- it makes it easy for small groups to put together a high-quality code base on their own and then merge it once it's safe," Nightingale said. "In the old days of CVS, that was a hard thing to do," he continued. "Mercurial makes it easier, which in turn makes our coding practices a lot safer by default."

New errors

Over the course of the last year, new errors have been popping up in Mozilla and elsewhere around the Web.

LATEST NEWS

Smartphones Advance, Subscriber Growth Slows

Google May Be Set to Depart China Soon

Alcatel-Lucent Update Wireless Network Gear

Comcast Uses Open Source for IPv6 Deployment

IBM Gains Partners for LotusLive in the Cloud

"What happened for us starting last year is we started seeing interactions between applications as a problem," Snyder said, drawing a comparison to the problem of handling Uniform Resource Identifiers, or URIs (define). "That for us was a new category," she said.

Firefox 2 was patched multiple times in 2007 and 2008 for various URI handling errors. URI allows browser to load up other applications, for example a PDF viewer or QuickTime movie player.

"Because we're an entry point into the operating system, we try and be a robust entry point, and any data we're handing off to other applications needs to make sure it's reasonable and safe," Snyder said. "We need to make sure we're seeing well-constructed queries to other applications and think about how we can be a first level of defense," she added.

Overall the idea of cross-site content and mashups are a concern for Mozilla as it tries to figure out what the safest way is to share information between sites.

"It's something that has been hotly debated at Mozilla," Snyder said, adding that the problem is for the whole Web rather than just Mozilla. "Mozilla is in a great position to influence how the Web ends up implementing that in a way that protects user privacy."

Go to page: Prev 1 2

TAGS: Microsoft, Mozilla, Firefox, security

Share this Article

Twitter

FriendFeed

Print this Article

Comment on this article

Email this Article

Security Archives | 7 Day InternetNews Summary | Contact Sean Michael Kerner | Back to top

Add internetnews.com
to your browser search box.

IE 7 |

Firefox 2.0 |

Firefox 1.5.x

Receive news
via our XML/RSS:
feed

More InternetNews.com

Hardware	Software	Mobility	Web Content
Cisco Adopts Intel Westmere CPU for UCS Blades IDC Sees PC Market Rebound Through 2014 SGI Joins Xeon Lovefest With Origin Revival	Microsoft and Citrix Join in Virtualization Push IBM Teams With Assurant for Call Center Offering Microsoft Details SP1 for Windows 7, Server 2008	Droid OS Upgrade Could Drop This Week RIM Gives Mobile App Developers a Push Nexus One: Failure or a Late Bloomer?	Google Hires XML Co-Creator in Android Push Twitter Takes Geo-Location Feature Live Awareness Helps Firms Manage Social Networks
Search	Government	Developer	Business
Bing Makes Strides But Momentum Stalls Google, Microsoft & Yahoo Tout Real-Time Results Ballmer Happy With Bing's Progress	Broadband Plan Sparks Spectrum, USF Squabbles FTC Raps Weak Privacy in the Cloud, Social Media Microsoft Comes up Short in Another Patent Case	Microsoft Previews IE 9 Google's Open Source Project-Hosting Milestone Microsoft Offers Silverlight 4 Release Candidate	Red Hat CEO Pitches Open Source for Innovation IT Buyers Gravitating Toward Windows 7 Russian Hackers Manipulated Stock Prices: SEC
Storage	E-Commerce	Networking	Security
Oracle Drops Hitachi Storage for Sun Major Tech Firms Back Online Health Care IBM Offers Mainframe Data Deduplication	CyberSource, ThreatMetrix Team for ID Security Apple's iTunes Hits 10 Billion Download Mark Google Upgrades DoubleClick Ad Server	Cisco Advances Borderless Network Push Blue Coat Virtualizes WAN Acceleration ICANN, .Org Pressing Ahead With DNSSEC	FBI Says Cybercrime Skyrocketing What Microsoft Learned From Botnet Takedown Core Security Identifies Virtual PC Hole

New Openings

Risk Developer - C# - T-SQL - ASP.Net (IL) SALES EXECUTIVE - Technology Sales - New Business (NoCA) Data Warehouse Architect (IL)

Senior Developer – C# - C++ - Python - .Net - SQL Server (IL) Database Infrastructure Engineer (NYC) Systems Engineer Sr – Automation – Opsware SAS / HP SA

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Article: Adobe Helps PHP Developers Create Rich Internet Applications
Case Study: Microsoft IT Strengthens Security with Data Loss Prevention Solution
Article: Reduce Your Infrastructure Costs with Microsoft System Center
Intel Brief: Five-Star IT Support--Intel Core 2 processor with vPro Delivers ROI of 524 Percent
Article: Security Enhancements Abound in Windows Server 2008
Article: Enterprise Social Computing with Microsoft SharePoint 2010
Intel Whitepaper: Implementing Intel vPro Technology to Drive Down Client Management Costs

Microsoft Whitepaper: Improve Communications and Collaboration
Intel Article: Intel Core i5 vPro Brings Intelligence to the Processor
Microsoft Personalized Whitepapers and Resources for You
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
Microsoft Whitepaper: Make Better Decisions - SQL Server 2008 Business Intelligence.
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Video: How System Center Helps Reduce IT Costs
IBM Cloud Computing for Developers Virtual Event, April 6-8

Microsoft Video: OCS and Exchange: Platform Futures
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us
Iron Speed Designer Application Generator

MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Learn Unified Communications
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products
Learn Forefront

Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES

RELATED ARTICLES