Security

Web security

Content Security Policy

An added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.

Scripts and the Same Origin Policy

The same origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from a different origin.

Securing your site

Tips and best practices for security your site and your users' data.

Finding browser vulnerabilities

Known Vulnerabilities and Fixes in Mozilla

Learn from our past mistakes.

Bug bounties

We appreciate all bug reports, but we appreciate reports of severe security bugs with $3000 rewards.

Debugging Mozilla with Valgrind

A memory debugger that can also track use of uninitialized memory.

Building Firefox with Address Sanitizer

A memory debugger that can also find non-heap errors.

Dehydra

Mozilla's framework for custom static analyses.

Clang Static Analysis

A static analysis tool to find common bugs in C-family languages.

Is my crash exploitable?

A quick set of heuristics if you don't have time to debug fully.

Fuzz testing

The art of generating random input in order to break software.

View All...

Community

• Forums
  • • Mailing list
    • Newsgroup
    • RSS feed
  • • Mailing list
    • Newsgroup
    • RSS feed

• IRC channels
  • #security on irc.mozilla.org
  • #fuzzing on irc.mozilla.org
  • #websectools on irc.mozilla.org
• Blogs
  • https://blog.mozilla.com/security/
• Twitter
  • @mozsec

Related Topics

• Developing Mozilla