Mozilla Offers $10,000 Bount for Security Bug Cert Verification, Adds New Cert Verification Library to Gecko

Mozilla offers a $10,000 security bug bounty for Firefox 31 certificate verification currently scheduled to launch on July 31. Mozilla stated that they are principally interested in bugs that allow the construction of certificate chains which have been accepted as valid but should have been rejected, or anything in the code that leads to exploitable memory corruption. In general, if Firefox is unable to verify otherwise valid certificates, Mozilla does not consider this to be a security bug, but a bug that caused the browser to accept forged signed OCSP responses would definitely be. In regards to the updated library, the new implementation is now more maintainable, with only 4,167 lines of C++ code, compared to the previous 81,865 lines of code which had been auto-translated from Java to C. In addition, the new library benefits from C++ functionality such as memory cleanup tools. Read the full details here.

Mozilla makes a double announcement today, a $10k bug bounty and a new certificate verification library for their application web browser engine, Gecko.

View Article



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Event Date: October 29, 2014 @ 11:00 a.m. ET / 8:00 a.m. PT Are you interested in building a cognitive application using the power of IBM Watson? Need a platform that provides speed and ease for rapidly deploying this application? Join Chris Madison, Watson Solution Architect, as he walks through the process of building a Watson powered application on IBM Bluemix. Chris will talk about the new Watson Services just released on IBM bluemix, but more importantly he will do a step by step cognitive …

  • Live Event Date: November 20, 2014 @ 2:00 p.m. ET / 11:00 a.m. PT Are you wanting to target two or more platforms such as iOS, Android, and/or Windows? You are not alone. 90% of enterprises today are targeting two or more platforms. Attend this eSeminar to discover how mobile app developers can rely on one IDE to create applications across platforms and approaches (web, native, and/or hybrid), saving time, money, and effort and introducing apps to market faster. You'll learn the trade-offs for gaining long …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds