Mozilla Offers $10,000 Bount for Security Bug Cert Verification, Adds New Cert Verification Library to Gecko

Mozilla offers a $10,000 security bug bounty for Firefox 31 certificate verification currently scheduled to launch on July 31. Mozilla stated that they are principally interested in bugs that allow the construction of certificate chains which have been accepted as valid but should have been rejected, or anything in the code that leads to exploitable memory corruption. In general, if Firefox is unable to verify otherwise valid certificates, Mozilla does not consider this to be a security bug, but a bug that caused the browser to accept forged signed OCSP responses would definitely be. In regards to the updated library, the new implementation is now more maintainable, with only 4,167 lines of C++ code, compared to the previous 81,865 lines of code which had been auto-translated from Java to C. In addition, the new library benefits from C++ functionality such as memory cleanup tools. Read the full details here.

Mozilla makes a double announcement today, a $10k bug bounty and a new certificate verification library for their application web browser engine, Gecko.

View Article



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Event Date: March 19, 2015 @ 1:00 p.m. ET / 10:00 a.m. PT The 2015 Enterprise Mobile Application Survey asked 250 mobility professionals what their biggest mobile challenges are, how many employees they are equipping with mobile apps, and their methods for driving value with mobility. Join Dan Woods, Editor and CTO of CITO Research, and Alan Murray, SVP of Products at Apperian, as they break down the results of this survey and discuss how enterprises are using mobile application management and private …

  • On-demand Event Event Date: February 12, 2015 The evolution of systems engineering with the SysML modeling language has resulted in improved requirements specification, better architectural definition, and better hand-off to downstream engineering. Agile methods have proven successful in the software domain, but how can these methods be applied to systems engineering? Check out this webcast and join Bruce Powel Douglass, author of Real-Time Agility, as he discusses how agile methods have had a tremendous …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date