Mozilla Offers $10,000 Bount for Security Bug Cert Verification, Adds New Cert Verification Library to Gecko

Mozilla offers a $10,000 security bug bounty for Firefox 31 certificate verification currently scheduled to launch on July 31. Mozilla stated that they are principally interested in bugs that allow the construction of certificate chains which have been accepted as valid but should have been rejected, or anything in the code that leads to exploitable memory corruption. In general, if Firefox is unable to verify otherwise valid certificates, Mozilla does not consider this to be a security bug, but a bug that caused the browser to accept forged signed OCSP responses would definitely be. In regards to the updated library, the new implementation is now more maintainable, with only 4,167 lines of C++ code, compared to the previous 81,865 lines of code which had been auto-translated from Java to C. In addition, the new library benefits from C++ functionality such as memory cleanup tools. Read the full details here.

Mozilla makes a double announcement today, a $10k bug bounty and a new certificate verification library for their application web browser engine, Gecko.

View Article



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-demand Event Event Date: September 10, 2014 Modern mobile applications connect systems-of-engagement (mobile apps) with systems-of-record (traditional IT) to deliver new and innovative business value. But the lifecycle for development of mobile apps is also new and different. Emerging trends in mobile development call for faster delivery of incremental features, coupled with feedback from the users of the app "in the wild." This loop of continuous delivery and continuous feedback is how the best mobile …

  • Java developers know that testing code changes can be a huge pain, and waiting for an application to redeploy after a code fix can take an eternity. Wouldn't it be great if you could see your code changes immediately, fine-tune, debug, explore and deploy code without waiting for ages? In this white paper, find out how that's possible with a Java plugin that drastically changes the way you develop, test and run Java applications. Discover the advantages of this plugin, and the changes you can expect to see …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds